• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 349
  • Last Modified:

User setup

I add a user into my Active Directory. Make the settings in "Properties" the same as every other user in the AD. When the user goes and logs into her workstation she is not able to run the application that we are running on the network. She need to have Administrator access on the workstation to be able to run the app. What have I not done to allow the user to work on the computer as an administrator?
0
twallin
Asked:
twallin
  • 6
  • 5
  • 4
  • +2
6 Solutions
 
Paul MacDonaldDirector, Information SystemsCommented:
Added the user to a group with administrative priviledges?
0
 
andreibutuCommented:
you should add the user in local administrators group on her workstation.
0
 
rxdeathCommented:
local permissions and ad permissions are different.  if you need her to have administrator access locally on her machine you will need to go into the users and groups (right click on my computer and do manage) and set her as an administrator locally.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
twallinAuthor Commented:
I created a user with the same name as the AD name and added that to the local Administrators group. That didn't work. What do you mean by - "Set her as an administrator locally"  "addthe user in local administrators group."
When the user is logged into the domain she is not showing up in the Users and Groups in Manage under My Computer.
0
 
NoduzzCommented:
Like everyone else is saying here the user needs to be added to the local admins group on the machine is what it sounds like.  That being said what you can do for the future is in Group Policy you can add a custom group to the local admins on all computers and then just make sure to add the users that need to run that application into that folder.  That would make your job easier in the future but for now you can just add the user to the administrators group on the machine itself.
0
 
NoduzzCommented:
when you add the user to the group you need to make sure you add the user as Domain\Username or Username@domain.com (or .local depending on your domain) also make sure you log the user off the computer and back on.
0
 
rxdeathCommented:
when you go to her name in the manage under my computers, it says she is a member of comptuername\administrators or whatever?

that is all it takes to install a program locally


yes i meant add to the local group administrators when i said set her to admin
0
 
twallinAuthor Commented:
I am unable to add any user to the admin group. it won't accept domain\user and comes back with the error Name Not Found at this location. The location is the workstation name.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Is it possible the problem is with the workstation?  Is it a member of the domain?  Can any other domain user log in to it and use this application successfully?  Can the problem user log in to a different workstation and run the application successfully?
0
 
twallinAuthor Commented:
The user, newly added to the domain, cannot login to any workstation and run the software. As said above they have to be added to the local administrtors group. That is what I can't seem to do. Yes other user can login and run the app. I have gone to other workstations and cannot add the user to the administrators group. When i try to add the users to admin the dialog does not get the domain. And I have logged in as a domain user with local administrator access and logged in as the local administrator, nothin' doin'. There is no Group Policy in the domain other than the default, I assume because I don't know.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
To be clear - can every user in the domain run this application on their local computer?  
Do you go around and add every user in the domain to the Local Administrators group so they can run this application?  If so, why not just add Domain Users to the Local Administrators group on your computers?  Then you don't have to add users piecemeal.
I'm at a loss as to how you've managed to set up all the other users in the domain as Local Administrators, but can't get this one set up...


Follow this process and tell us where it breaks down for you:
Right-click on My Computer and select Manage
In Computer Management, under System Tools, expand Local Users and Groups, then select Groups
Right-click on Administrators and select Add To Group
When the properties dialog shows up, click Add...
In the Select Users, Computers, Service Accounts, or Groups dialog, click the Locations... button
In the Locations dialog, select Entire Directory.  Click OK.
Type in the domain name of the user you're trying to add to the Local Administrators group.  Click Check Names and make sure it comes back with a valid account.  Click OK.
You should now see that user in the list of Local Administrators.  Click OK.

Let us know how it goes!
0
 
NoduzzCommented:
Try this: log on to the a machine as the user and run this from the command prompt:

gpresult /r

 Then verify what groups the user is a member of and make sure that it the user is a member of all necessary groups.  Specifically look for BUILTIN\Administrators.  You might want to try to add the user to the domain admins group (only temporarily) and log in and run the app to make sure that it is not something other than permissions.
0
 
twallinAuthor Commented:
paulmacd:
Where it breaks down in is the step - In the Locations dialog, select Entire Directory. The only location that comes up is the local computer.
Noduzz:
gpresult /r did not work
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Are you logged in as a user in the domain?  If the domain doesn't show up as a location, either the user isn't logged in to the domain or the computer isn't a member of the domain (and so the user isn't logged in to the domain).
0
 
NoduzzCommented:
yeah it sounds like you are not on the domain, liek paul said , if you cant run gpresult its probably because you are not on the domain.
0
 
twallinAuthor Commented:
paulmacd:
Yes I am logged in as a member of the domain and an administrator og the local PC. The computer in is the domain computers group. So if the environment is not in the domain there is somthing, matbe on the server, not working as should be.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Maybe, but it sounds really odd (and maybe really bad) given it's not just a problem with the computer but evidently also a problem with the user.  This points to a possible problem with Active Directory itself, but what that might be, I don't know.
0
 
twallinAuthor Commented:
paulmacd:
Thanks for your help.
The problem turned out to be on the server with the dns setup. There was none. The ISP dns was kinda hard coded into the router DHCP and handed down to the clients because the router is setup to dhcp. So the dns on the server, running Win srvr 2003, was not setup to give domain information and the ISP dns did not have our local info. After fixing the server dns setup  the domain comes up in the Add User part of the Administrators group on the local computer. And a group policy for the Domain Users group was setup to add the Domain Users group to the local Administrators group. After I learn a little more about Group Policies I will lock down the users access to the work stations.
Also can you suggest a way of distributing points here? I not real sure how to do that.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 6
  • 5
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now