Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 591
  • Last Modified:

SBS 2008 Permission - ADUC

Though,  SBS comes with the SBS console as king, we have a small group of only 5 users and for the sake of Pervasive and a proprietary program , we want all users to be domain admins.

When adding the users in the SBS console, network admins weere chosen.

I went to ADUC manually and made all 5 users members and primary for the group domain admins.

One oddity that may be key .   When I right click on my computer , manage and go to users, I do not see a //domain/user listed in the users list.

When jioning to the domain , I was asked If I wanted to add a User to the computer and chose , yes, Administrator local, but oddly I dont see this user in the list.

For the groups in the local computer management snap in though, i do have an administrators group in which all users are listed as domain.

What is a way to login on a local machine as the master domain admin account and to verify that permissions are wide open.

If we could verify this , we could log in temporarily using this accoutn for install purposes and then go back to letting the users work under their normal accounts.

Need Input :)
0
bhamguy3131
Asked:
bhamguy3131
  • 2
1 Solution
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
If you used the SBS console and selected the network admin role then they should have already been members of the Domain Admins group. There's no need to change the primary group unless there's a specific application that requires it. Most newer applications won't use this.

But having said that I don't think it's a good idea to have all users members of the domain admins group. This gives them permission to do anything on the network. Even if you trust them fully with the data on the network there's the risk that a user will do something by accident and hose your entire network.  Not a good idea. Even a user that administers the network shouldn't user a domain admin account unless they're performing tasks that require that level of permission.

But I digress. What issue are you facing that you're asking about the permission on the local computers. If the user is a domain admin then they'll have full control of every computer joined to the domain.
0
 
bhamguy3131Author Commented:
We are installing Pervasive 10 first and then Skyline 2010 second.  Skylien is a commercial property management software.

One of the machines has Pervasice removed using windows clean installer and now wont re-install.

The other machine installed fine but gets a PVProp error when trying to run a crystal report off the data.

I am told SBS and its granulation of permissions is the issue.

For install purposes only, I am told to turn firewall off , AV off and use a local and domain admin group.

Afyer this , supposedly the install will be perfect in registry , and other places that might otherwise be more read / write sensitive.

1..A good starter question ... Why is the Firewall grayed out on the local machines  ??  It says its part of a GPO policy.  I found this on the SBS console and turned it off but still see the option to turn it off grayed out.

2.  I need to unwind whatever I have done to upset Pervasive 10 by using windows cleanup utility to remove it.  
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Are you tying to install the program on the local computers or the SBS server?

If it's just the local computers then you should remove all users from the domain admins group except for the one user you use to administer the domain. Then in the SBS console you should go to each user and assign them to the computer they use, selecting Local Administrator. This should give them the permissions they need.

To answer question 1, if you disabled the firewall setting in Group Policy then, for the policy change to take effect immediately, on the workstation, open a command prompt and run "gpupdate /force" without quotes. It might ask you to reboot the computer. Do that. Then see if the firewall setting is still grayed out. If it is then you haven't changed the correct setting. Post a screenshot of what you're changing if this is the case.

For question 2, the cleanup utility is no longer supported or available from Microsoft. Skylien really is the one who should help you get the install cleaned up. I checked Pervasive's site and I didn't find any manual removal instructions. Does installing over top of the previous install work?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now