Solved

SBS 2008 Permission - ADUC

Posted on 2011-03-07
3
567 Views
Last Modified: 2012-06-21
Though,  SBS comes with the SBS console as king, we have a small group of only 5 users and for the sake of Pervasive and a proprietary program , we want all users to be domain admins.

When adding the users in the SBS console, network admins weere chosen.

I went to ADUC manually and made all 5 users members and primary for the group domain admins.

One oddity that may be key .   When I right click on my computer , manage and go to users, I do not see a //domain/user listed in the users list.

When jioning to the domain , I was asked If I wanted to add a User to the computer and chose , yes, Administrator local, but oddly I dont see this user in the list.

For the groups in the local computer management snap in though, i do have an administrators group in which all users are listed as domain.

What is a way to login on a local machine as the master domain admin account and to verify that permissions are wide open.

If we could verify this , we could log in temporarily using this accoutn for install purposes and then go back to letting the users work under their normal accounts.

Need Input :)
0
Comment
Question by:bhamguy3131
  • 2
3 Comments
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35063538
If you used the SBS console and selected the network admin role then they should have already been members of the Domain Admins group. There's no need to change the primary group unless there's a specific application that requires it. Most newer applications won't use this.

But having said that I don't think it's a good idea to have all users members of the domain admins group. This gives them permission to do anything on the network. Even if you trust them fully with the data on the network there's the risk that a user will do something by accident and hose your entire network.  Not a good idea. Even a user that administers the network shouldn't user a domain admin account unless they're performing tasks that require that level of permission.

But I digress. What issue are you facing that you're asking about the permission on the local computers. If the user is a domain admin then they'll have full control of every computer joined to the domain.
0
 

Author Comment

by:bhamguy3131
ID: 35066988
We are installing Pervasive 10 first and then Skyline 2010 second.  Skylien is a commercial property management software.

One of the machines has Pervasice removed using windows clean installer and now wont re-install.

The other machine installed fine but gets a PVProp error when trying to run a crystal report off the data.

I am told SBS and its granulation of permissions is the issue.

For install purposes only, I am told to turn firewall off , AV off and use a local and domain admin group.

Afyer this , supposedly the install will be perfect in registry , and other places that might otherwise be more read / write sensitive.

1..A good starter question ... Why is the Firewall grayed out on the local machines  ??  It says its part of a GPO policy.  I found this on the SBS console and turned it off but still see the option to turn it off grayed out.

2.  I need to unwind whatever I have done to upset Pervasive 10 by using windows cleanup utility to remove it.  
0
 
LVL 18

Accepted Solution

by:
Jeremy Weisinger earned 500 total points
ID: 35068800
Are you tying to install the program on the local computers or the SBS server?

If it's just the local computers then you should remove all users from the domain admins group except for the one user you use to administer the domain. Then in the SBS console you should go to each user and assign them to the computer they use, selecting Local Administrator. This should give them the permissions they need.

To answer question 1, if you disabled the firewall setting in Group Policy then, for the policy change to take effect immediately, on the workstation, open a command prompt and run "gpupdate /force" without quotes. It might ask you to reboot the computer. Do that. Then see if the firewall setting is still grayed out. If it is then you haven't changed the correct setting. Post a screenshot of what you're changing if this is the case.

For question 2, the cleanup utility is no longer supported or available from Microsoft. Skylien really is the one who should help you get the install cleaned up. I checked Pervasive's site and I didn't find any manual removal instructions. Does installing over top of the previous install work?
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now