Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS 2008 Permission - ADUC

Posted on 2011-03-07
3
Medium Priority
?
576 Views
Last Modified: 2012-06-21
Though,  SBS comes with the SBS console as king, we have a small group of only 5 users and for the sake of Pervasive and a proprietary program , we want all users to be domain admins.

When adding the users in the SBS console, network admins weere chosen.

I went to ADUC manually and made all 5 users members and primary for the group domain admins.

One oddity that may be key .   When I right click on my computer , manage and go to users, I do not see a //domain/user listed in the users list.

When jioning to the domain , I was asked If I wanted to add a User to the computer and chose , yes, Administrator local, but oddly I dont see this user in the list.

For the groups in the local computer management snap in though, i do have an administrators group in which all users are listed as domain.

What is a way to login on a local machine as the master domain admin account and to verify that permissions are wide open.

If we could verify this , we could log in temporarily using this accoutn for install purposes and then go back to letting the users work under their normal accounts.

Need Input :)
0
Comment
Question by:bhamguy3131
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 21

Expert Comment

by:Jeremy Weisinger
ID: 35063538
If you used the SBS console and selected the network admin role then they should have already been members of the Domain Admins group. There's no need to change the primary group unless there's a specific application that requires it. Most newer applications won't use this.

But having said that I don't think it's a good idea to have all users members of the domain admins group. This gives them permission to do anything on the network. Even if you trust them fully with the data on the network there's the risk that a user will do something by accident and hose your entire network.  Not a good idea. Even a user that administers the network shouldn't user a domain admin account unless they're performing tasks that require that level of permission.

But I digress. What issue are you facing that you're asking about the permission on the local computers. If the user is a domain admin then they'll have full control of every computer joined to the domain.
0
 

Author Comment

by:bhamguy3131
ID: 35066988
We are installing Pervasive 10 first and then Skyline 2010 second.  Skylien is a commercial property management software.

One of the machines has Pervasice removed using windows clean installer and now wont re-install.

The other machine installed fine but gets a PVProp error when trying to run a crystal report off the data.

I am told SBS and its granulation of permissions is the issue.

For install purposes only, I am told to turn firewall off , AV off and use a local and domain admin group.

Afyer this , supposedly the install will be perfect in registry , and other places that might otherwise be more read / write sensitive.

1..A good starter question ... Why is the Firewall grayed out on the local machines  ??  It says its part of a GPO policy.  I found this on the SBS console and turned it off but still see the option to turn it off grayed out.

2.  I need to unwind whatever I have done to upset Pervasive 10 by using windows cleanup utility to remove it.  
0
 
LVL 21

Accepted Solution

by:
Jeremy Weisinger earned 2000 total points
ID: 35068800
Are you tying to install the program on the local computers or the SBS server?

If it's just the local computers then you should remove all users from the domain admins group except for the one user you use to administer the domain. Then in the SBS console you should go to each user and assign them to the computer they use, selecting Local Administrator. This should give them the permissions they need.

To answer question 1, if you disabled the firewall setting in Group Policy then, for the policy change to take effect immediately, on the workstation, open a command prompt and run "gpupdate /force" without quotes. It might ask you to reboot the computer. Do that. Then see if the firewall setting is still grayed out. If it is then you haven't changed the correct setting. Post a screenshot of what you're changing if this is the case.

For question 2, the cleanup utility is no longer supported or available from Microsoft. Skylien really is the one who should help you get the install cleaned up. I checked Pervasive's site and I didn't find any manual removal instructions. Does installing over top of the previous install work?
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
What we learned in Webroot's webinar on multi-vector protection.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question