Solved

User setup

Posted on 2011-02-15
19
335 Views
Last Modified: 2012-05-11
I add a user into my Active Directory. Make the settings in "Properties" the same as every other user in the AD. When the user goes and logs into her workstation she is not able to run the application that we are running on the network. She need to have Administrator access on the workstation to be able to run the app. What have I not done to allow the user to work on the computer as an administrator?
0
Comment
Question by:twallin
  • 6
  • 5
  • 4
  • +2
19 Comments
 
LVL 33

Assisted Solution

by:paulmacd
paulmacd earned 230 total points
Comment Utility
Added the user to a group with administrative priviledges?
0
 
LVL 3

Expert Comment

by:andreibutu
Comment Utility
you should add the user in local administrators group on her workstation.
0
 
LVL 3

Assisted Solution

by:rxdeath
rxdeath earned 90 total points
Comment Utility
local permissions and ad permissions are different.  if you need her to have administrator access locally on her machine you will need to go into the users and groups (right click on my computer and do manage) and set her as an administrator locally.
0
 

Author Comment

by:twallin
Comment Utility
I created a user with the same name as the AD name and added that to the local Administrators group. That didn't work. What do you mean by - "Set her as an administrator locally"  "addthe user in local administrators group."
When the user is logged into the domain she is not showing up in the Users and Groups in Manage under My Computer.
0
 
LVL 5

Assisted Solution

by:Noduzz
Noduzz earned 180 total points
Comment Utility
Like everyone else is saying here the user needs to be added to the local admins group on the machine is what it sounds like.  That being said what you can do for the future is in Group Policy you can add a custom group to the local admins on all computers and then just make sure to add the users that need to run that application into that folder.  That would make your job easier in the future but for now you can just add the user to the administrators group on the machine itself.
0
 
LVL 5

Expert Comment

by:Noduzz
Comment Utility
when you add the user to the group you need to make sure you add the user as Domain\Username or Username@domain.com (or .local depending on your domain) also make sure you log the user off the computer and back on.
0
 
LVL 3

Expert Comment

by:andreibutu
Comment Utility
0
 
LVL 3

Expert Comment

by:rxdeath
Comment Utility
when you go to her name in the manage under my computers, it says she is a member of comptuername\administrators or whatever?

that is all it takes to install a program locally


yes i meant add to the local group administrators when i said set her to admin
0
 

Author Comment

by:twallin
Comment Utility
I am unable to add any user to the admin group. it won't accept domain\user and comes back with the error Name Not Found at this location. The location is the workstation name.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 33

Assisted Solution

by:paulmacd
paulmacd earned 230 total points
Comment Utility
Is it possible the problem is with the workstation?  Is it a member of the domain?  Can any other domain user log in to it and use this application successfully?  Can the problem user log in to a different workstation and run the application successfully?
0
 

Author Comment

by:twallin
Comment Utility
The user, newly added to the domain, cannot login to any workstation and run the software. As said above they have to be added to the local administrtors group. That is what I can't seem to do. Yes other user can login and run the app. I have gone to other workstations and cannot add the user to the administrators group. When i try to add the users to admin the dialog does not get the domain. And I have logged in as a domain user with local administrator access and logged in as the local administrator, nothin' doin'. There is no Group Policy in the domain other than the default, I assume because I don't know.
0
 
LVL 33

Accepted Solution

by:
paulmacd earned 230 total points
Comment Utility
To be clear - can every user in the domain run this application on their local computer?  
Do you go around and add every user in the domain to the Local Administrators group so they can run this application?  If so, why not just add Domain Users to the Local Administrators group on your computers?  Then you don't have to add users piecemeal.
I'm at a loss as to how you've managed to set up all the other users in the domain as Local Administrators, but can't get this one set up...


Follow this process and tell us where it breaks down for you:
Right-click on My Computer and select Manage
In Computer Management, under System Tools, expand Local Users and Groups, then select Groups
Right-click on Administrators and select Add To Group
When the properties dialog shows up, click Add...
In the Select Users, Computers, Service Accounts, or Groups dialog, click the Locations... button
In the Locations dialog, select Entire Directory.  Click OK.
Type in the domain name of the user you're trying to add to the Local Administrators group.  Click Check Names and make sure it comes back with a valid account.  Click OK.
You should now see that user in the list of Local Administrators.  Click OK.

Let us know how it goes!
0
 
LVL 5

Assisted Solution

by:Noduzz
Noduzz earned 180 total points
Comment Utility
Try this: log on to the a machine as the user and run this from the command prompt:

gpresult /r

 Then verify what groups the user is a member of and make sure that it the user is a member of all necessary groups.  Specifically look for BUILTIN\Administrators.  You might want to try to add the user to the domain admins group (only temporarily) and log in and run the app to make sure that it is not something other than permissions.
0
 

Author Comment

by:twallin
Comment Utility
paulmacd:
Where it breaks down in is the step - In the Locations dialog, select Entire Directory. The only location that comes up is the local computer.
Noduzz:
gpresult /r did not work
0
 
LVL 33

Expert Comment

by:paulmacd
Comment Utility
Are you logged in as a user in the domain?  If the domain doesn't show up as a location, either the user isn't logged in to the domain or the computer isn't a member of the domain (and so the user isn't logged in to the domain).
0
 
LVL 5

Expert Comment

by:Noduzz
Comment Utility
yeah it sounds like you are not on the domain, liek paul said , if you cant run gpresult its probably because you are not on the domain.
0
 

Author Comment

by:twallin
Comment Utility
paulmacd:
Yes I am logged in as a member of the domain and an administrator og the local PC. The computer in is the domain computers group. So if the environment is not in the domain there is somthing, matbe on the server, not working as should be.
0
 
LVL 33

Expert Comment

by:paulmacd
Comment Utility
Maybe, but it sounds really odd (and maybe really bad) given it's not just a problem with the computer but evidently also a problem with the user.  This points to a possible problem with Active Directory itself, but what that might be, I don't know.
0
 

Author Comment

by:twallin
Comment Utility
paulmacd:
Thanks for your help.
The problem turned out to be on the server with the dns setup. There was none. The ISP dns was kinda hard coded into the router DHCP and handed down to the clients because the router is setup to dhcp. So the dns on the server, running Win srvr 2003, was not setup to give domain information and the ISP dns did not have our local info. After fixing the server dns setup  the domain comes up in the Add User part of the Administrators group on the local computer. And a group policy for the Domain Users group was setup to add the Domain Users group to the local Administrators group. After I learn a little more about Group Policies I will lock down the users access to the work stations.
Also can you suggest a way of distributing points here? I not real sure how to do that.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now