Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SBS 2008 Permission - ADUC

Posted on 2011-03-07
3
Medium Priority
?
578 Views
Last Modified: 2012-06-21
Though,  SBS comes with the SBS console as king, we have a small group of only 5 users and for the sake of Pervasive and a proprietary program , we want all users to be domain admins.

When adding the users in the SBS console, network admins weere chosen.

I went to ADUC manually and made all 5 users members and primary for the group domain admins.

One oddity that may be key .   When I right click on my computer , manage and go to users, I do not see a //domain/user listed in the users list.

When jioning to the domain , I was asked If I wanted to add a User to the computer and chose , yes, Administrator local, but oddly I dont see this user in the list.

For the groups in the local computer management snap in though, i do have an administrators group in which all users are listed as domain.

What is a way to login on a local machine as the master domain admin account and to verify that permissions are wide open.

If we could verify this , we could log in temporarily using this accoutn for install purposes and then go back to letting the users work under their normal accounts.

Need Input :)
0
Comment
Question by:bhamguy3131
  • 2
3 Comments
 
LVL 22

Expert Comment

by:Jeremy Weisinger
ID: 35063538
If you used the SBS console and selected the network admin role then they should have already been members of the Domain Admins group. There's no need to change the primary group unless there's a specific application that requires it. Most newer applications won't use this.

But having said that I don't think it's a good idea to have all users members of the domain admins group. This gives them permission to do anything on the network. Even if you trust them fully with the data on the network there's the risk that a user will do something by accident and hose your entire network.  Not a good idea. Even a user that administers the network shouldn't user a domain admin account unless they're performing tasks that require that level of permission.

But I digress. What issue are you facing that you're asking about the permission on the local computers. If the user is a domain admin then they'll have full control of every computer joined to the domain.
0
 

Author Comment

by:bhamguy3131
ID: 35066988
We are installing Pervasive 10 first and then Skyline 2010 second.  Skylien is a commercial property management software.

One of the machines has Pervasice removed using windows clean installer and now wont re-install.

The other machine installed fine but gets a PVProp error when trying to run a crystal report off the data.

I am told SBS and its granulation of permissions is the issue.

For install purposes only, I am told to turn firewall off , AV off and use a local and domain admin group.

Afyer this , supposedly the install will be perfect in registry , and other places that might otherwise be more read / write sensitive.

1..A good starter question ... Why is the Firewall grayed out on the local machines  ??  It says its part of a GPO policy.  I found this on the SBS console and turned it off but still see the option to turn it off grayed out.

2.  I need to unwind whatever I have done to upset Pervasive 10 by using windows cleanup utility to remove it.  
0
 
LVL 22

Accepted Solution

by:
Jeremy Weisinger earned 2000 total points
ID: 35068800
Are you tying to install the program on the local computers or the SBS server?

If it's just the local computers then you should remove all users from the domain admins group except for the one user you use to administer the domain. Then in the SBS console you should go to each user and assign them to the computer they use, selecting Local Administrator. This should give them the permissions they need.

To answer question 1, if you disabled the firewall setting in Group Policy then, for the policy change to take effect immediately, on the workstation, open a command prompt and run "gpupdate /force" without quotes. It might ask you to reboot the computer. Do that. Then see if the firewall setting is still grayed out. If it is then you haven't changed the correct setting. Post a screenshot of what you're changing if this is the case.

For question 2, the cleanup utility is no longer supported or available from Microsoft. Skylien really is the one who should help you get the install cleaned up. I checked Pervasive's site and I didn't find any manual removal instructions. Does installing over top of the previous install work?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question