Solved

SBS 2008 Permission - ADUC

Posted on 2011-03-07
3
566 Views
Last Modified: 2012-06-21
Though,  SBS comes with the SBS console as king, we have a small group of only 5 users and for the sake of Pervasive and a proprietary program , we want all users to be domain admins.

When adding the users in the SBS console, network admins weere chosen.

I went to ADUC manually and made all 5 users members and primary for the group domain admins.

One oddity that may be key .   When I right click on my computer , manage and go to users, I do not see a //domain/user listed in the users list.

When jioning to the domain , I was asked If I wanted to add a User to the computer and chose , yes, Administrator local, but oddly I dont see this user in the list.

For the groups in the local computer management snap in though, i do have an administrators group in which all users are listed as domain.

What is a way to login on a local machine as the master domain admin account and to verify that permissions are wide open.

If we could verify this , we could log in temporarily using this accoutn for install purposes and then go back to letting the users work under their normal accounts.

Need Input :)
0
Comment
Question by:bhamguy3131
  • 2
3 Comments
 
LVL 18

Expert Comment

by:Jeremy Weisinger
Comment Utility
If you used the SBS console and selected the network admin role then they should have already been members of the Domain Admins group. There's no need to change the primary group unless there's a specific application that requires it. Most newer applications won't use this.

But having said that I don't think it's a good idea to have all users members of the domain admins group. This gives them permission to do anything on the network. Even if you trust them fully with the data on the network there's the risk that a user will do something by accident and hose your entire network.  Not a good idea. Even a user that administers the network shouldn't user a domain admin account unless they're performing tasks that require that level of permission.

But I digress. What issue are you facing that you're asking about the permission on the local computers. If the user is a domain admin then they'll have full control of every computer joined to the domain.
0
 

Author Comment

by:bhamguy3131
Comment Utility
We are installing Pervasive 10 first and then Skyline 2010 second.  Skylien is a commercial property management software.

One of the machines has Pervasice removed using windows clean installer and now wont re-install.

The other machine installed fine but gets a PVProp error when trying to run a crystal report off the data.

I am told SBS and its granulation of permissions is the issue.

For install purposes only, I am told to turn firewall off , AV off and use a local and domain admin group.

Afyer this , supposedly the install will be perfect in registry , and other places that might otherwise be more read / write sensitive.

1..A good starter question ... Why is the Firewall grayed out on the local machines  ??  It says its part of a GPO policy.  I found this on the SBS console and turned it off but still see the option to turn it off grayed out.

2.  I need to unwind whatever I have done to upset Pervasive 10 by using windows cleanup utility to remove it.  
0
 
LVL 18

Accepted Solution

by:
Jeremy Weisinger earned 500 total points
Comment Utility
Are you tying to install the program on the local computers or the SBS server?

If it's just the local computers then you should remove all users from the domain admins group except for the one user you use to administer the domain. Then in the SBS console you should go to each user and assign them to the computer they use, selecting Local Administrator. This should give them the permissions they need.

To answer question 1, if you disabled the firewall setting in Group Policy then, for the policy change to take effect immediately, on the workstation, open a command prompt and run "gpupdate /force" without quotes. It might ask you to reboot the computer. Do that. Then see if the firewall setting is still grayed out. If it is then you haven't changed the correct setting. Post a screenshot of what you're changing if this is the case.

For question 2, the cleanup utility is no longer supported or available from Microsoft. Skylien really is the one who should help you get the install cleaned up. I checked Pervasive's site and I didn't find any manual removal instructions. Does installing over top of the previous install work?
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now