Solved

User setup

Posted on 2011-02-15
19
343 Views
Last Modified: 2012-05-11
I add a user into my Active Directory. Make the settings in "Properties" the same as every other user in the AD. When the user goes and logs into her workstation she is not able to run the application that we are running on the network. She need to have Administrator access on the workstation to be able to run the app. What have I not done to allow the user to work on the computer as an administrator?
0
Comment
Question by:twallin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 4
  • +2
19 Comments
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 230 total points
ID: 34900486
Added the user to a group with administrative priviledges?
0
 
LVL 3

Expert Comment

by:andreibutu
ID: 34900500
you should add the user in local administrators group on her workstation.
0
 
LVL 3

Assisted Solution

by:rxdeath
rxdeath earned 90 total points
ID: 34900502
local permissions and ad permissions are different.  if you need her to have administrator access locally on her machine you will need to go into the users and groups (right click on my computer and do manage) and set her as an administrator locally.
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 

Author Comment

by:twallin
ID: 34900652
I created a user with the same name as the AD name and added that to the local Administrators group. That didn't work. What do you mean by - "Set her as an administrator locally"  "addthe user in local administrators group."
When the user is logged into the domain she is not showing up in the Users and Groups in Manage under My Computer.
0
 
LVL 5

Assisted Solution

by:Noduzz
Noduzz earned 180 total points
ID: 34900673
Like everyone else is saying here the user needs to be added to the local admins group on the machine is what it sounds like.  That being said what you can do for the future is in Group Policy you can add a custom group to the local admins on all computers and then just make sure to add the users that need to run that application into that folder.  That would make your job easier in the future but for now you can just add the user to the administrators group on the machine itself.
0
 
LVL 5

Expert Comment

by:Noduzz
ID: 34900704
when you add the user to the group you need to make sure you add the user as Domain\Username or Username@domain.com (or .local depending on your domain) also make sure you log the user off the computer and back on.
0
 
LVL 3

Expert Comment

by:andreibutu
ID: 34900712
0
 
LVL 3

Expert Comment

by:rxdeath
ID: 34900719
when you go to her name in the manage under my computers, it says she is a member of comptuername\administrators or whatever?

that is all it takes to install a program locally


yes i meant add to the local group administrators when i said set her to admin
0
 

Author Comment

by:twallin
ID: 34902806
I am unable to add any user to the admin group. it won't accept domain\user and comes back with the error Name Not Found at this location. The location is the workstation name.
0
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 230 total points
ID: 34906519
Is it possible the problem is with the workstation?  Is it a member of the domain?  Can any other domain user log in to it and use this application successfully?  Can the problem user log in to a different workstation and run the application successfully?
0
 

Author Comment

by:twallin
ID: 34907349
The user, newly added to the domain, cannot login to any workstation and run the software. As said above they have to be added to the local administrtors group. That is what I can't seem to do. Yes other user can login and run the app. I have gone to other workstations and cannot add the user to the administrators group. When i try to add the users to admin the dialog does not get the domain. And I have logged in as a domain user with local administrator access and logged in as the local administrator, nothin' doin'. There is no Group Policy in the domain other than the default, I assume because I don't know.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 230 total points
ID: 34907467
To be clear - can every user in the domain run this application on their local computer?  
Do you go around and add every user in the domain to the Local Administrators group so they can run this application?  If so, why not just add Domain Users to the Local Administrators group on your computers?  Then you don't have to add users piecemeal.
I'm at a loss as to how you've managed to set up all the other users in the domain as Local Administrators, but can't get this one set up...


Follow this process and tell us where it breaks down for you:
Right-click on My Computer and select Manage
In Computer Management, under System Tools, expand Local Users and Groups, then select Groups
Right-click on Administrators and select Add To Group
When the properties dialog shows up, click Add...
In the Select Users, Computers, Service Accounts, or Groups dialog, click the Locations... button
In the Locations dialog, select Entire Directory.  Click OK.
Type in the domain name of the user you're trying to add to the Local Administrators group.  Click Check Names and make sure it comes back with a valid account.  Click OK.
You should now see that user in the list of Local Administrators.  Click OK.

Let us know how it goes!
0
 
LVL 5

Assisted Solution

by:Noduzz
Noduzz earned 180 total points
ID: 34907540
Try this: log on to the a machine as the user and run this from the command prompt:

gpresult /r

 Then verify what groups the user is a member of and make sure that it the user is a member of all necessary groups.  Specifically look for BUILTIN\Administrators.  You might want to try to add the user to the domain admins group (only temporarily) and log in and run the app to make sure that it is not something other than permissions.
0
 

Author Comment

by:twallin
ID: 34908423
paulmacd:
Where it breaks down in is the step - In the Locations dialog, select Entire Directory. The only location that comes up is the local computer.
Noduzz:
gpresult /r did not work
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 34908517
Are you logged in as a user in the domain?  If the domain doesn't show up as a location, either the user isn't logged in to the domain or the computer isn't a member of the domain (and so the user isn't logged in to the domain).
0
 
LVL 5

Expert Comment

by:Noduzz
ID: 34908579
yeah it sounds like you are not on the domain, liek paul said , if you cant run gpresult its probably because you are not on the domain.
0
 

Author Comment

by:twallin
ID: 34909419
paulmacd:
Yes I am logged in as a member of the domain and an administrator og the local PC. The computer in is the domain computers group. So if the environment is not in the domain there is somthing, matbe on the server, not working as should be.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 34909966
Maybe, but it sounds really odd (and maybe really bad) given it's not just a problem with the computer but evidently also a problem with the user.  This points to a possible problem with Active Directory itself, but what that might be, I don't know.
0
 

Author Comment

by:twallin
ID: 34911012
paulmacd:
Thanks for your help.
The problem turned out to be on the server with the dns setup. There was none. The ISP dns was kinda hard coded into the router DHCP and handed down to the clients because the router is setup to dhcp. So the dns on the server, running Win srvr 2003, was not setup to give domain information and the ISP dns did not have our local info. After fixing the server dns setup  the domain comes up in the Add User part of the Administrators group on the local computer. And a group policy for the Domain Users group was setup to add the Domain Users group to the local Administrators group. After I learn a little more about Group Policies I will lock down the users access to the work stations.
Also can you suggest a way of distributing points here? I not real sure how to do that.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Master DC completely died 15 66
Pop-up allow list 6 40
Can't ping new computer 17 48
Exchange, OWA, PROXY 7 59
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question