Solved

Domain admin problem

Posted on 2010-11-22
15
612 Views
Last Modified: 2013-12-02
We've already a couple of WIndows 7 machines, but i noticed something strange. Apparantly havind domain admin rights doesn't mean you have all full admin rights. Which is strange I think. How come and is there a way to change this?

Jvuz
0
Comment
Question by:jvuz
  • 5
  • 5
  • 2
  • +1
15 Comments
 
LVL 10

Expert Comment

by:David_Ingledew
ID: 34186872
What version is the AD?
0
 
LVL 21

Author Comment

by:jvuz
ID: 34186906
We're using Linux servers (Samba 3.4.3).
0
 
LVL 10

Expert Comment

by:David_Ingledew
ID: 34186962
Sorry I can't help - not experienced in that...my thoughts were that the policies didn't extend to some of the newer Win7 calls...
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Assisted Solution

by:clintonbrigham
clintonbrigham earned 200 total points
ID: 34187897
Windows Vista, 7, 2008 all use a "new" security feature called User Account Control. Basically regardless of what role you have assigned an account it is still only a basic user account until those privledges are elevated.  Here is the TechNet article that explains User Account Control:

http://technet.microsoft.com/en-us/library/cc772207(WS.10).aspx
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 300 total points
ID: 34188582
When you joined this Samba domain, did the Domain Admin group get added to the local Administrators group?  I'm not certain it would do it automatically since it's not a Windows-based domain.  You may need to add this group manually.

Also, as was mentioned, you might need to turn off UAC for the Administrators if adding the group doesn't automatically take care of this.

0
 
LVL 21

Author Comment

by:jvuz
ID: 34189113
I'll have to check for the domain admins in the group administrators. I'll let you know tomorrow.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34202967
The domain admin is in the administrators group.
If I disable the UAC, everyting works like it should be, but when I reenable it, I'm back to 0.
i'm afraid I'll have to turn of UAC. i don't want to, but if it doesn't work, I'll need to unless someone else has an idea.

Jvuz
0
 
LVL 51

Expert Comment

by:Netman66
ID: 34204649
You can selectively turn it off for only Administrators - this gives you peace of mind knowing that normal users still end up with UAC enabled.

How To is here:  http://www.howtogeek.com/howto/windows-vista/disable-user-account-controluac-for-administrators-only/

This policy setting is likely available from a server-side GPO (I don't have the ability to test it here), so that you don't have to go around to each machine.

Create a new GPO and attach it to the domain and make this single setting in that policy.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 34205377
@jvuz - what did you ultimately end up doing?  If UAC was part of (or the entire) solution, then it's only fair to split points with clintonbrigham.

Please let us know and I can have this Q re-opened so that points can be fairly distributed.

0
 
LVL 21

Author Comment

by:jvuz
ID: 34207774
I turned UAC off, like you suggested. That's why I didn't split points. If you think I should split the points, no problem. Then you can reopen the question and I'll split the points.

Jvuz
0
 
LVL 51

Expert Comment

by:Netman66
ID: 34215094
In the interest of the spirit of this site, and because clintonbrigham mentioned UAC first before I specified how to turn it off, I would like to see a point split of 200 to him and 300 to me (only for providing more detail).

If you like, I can have a Mod reopen so you can redistribute the points - or you can do it yourself - let me know either way and I'll be happy to assist.

NM
0
 
LVL 21

Author Comment

by:jvuz
ID: 34215548
You may reopen the question and I'll divide the points regardingly.

jvuz
0
 
LVL 51

Expert Comment

by:Netman66
ID: 34220398
There you go!  Ready for you to distribute now.

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This article summaries thoughts and ideas from two years of sustained use. It provides good reasoning to make the jump to Windows 10.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question