Solved

Why cannot I add "Administrators" (the built-in domain local group) to access network resources?

Posted on 2016-11-09
2
49 Views
Last Modified: 2016-11-09
I was taught to use a Domain Local group rather than a Global group for the resources. But I just found out I was not able to apply the built-in domain local group "Administrators" onto network resources while no problem with Domain Admins (a global group). Why is that?
0
Comment
Question by:Castlewood
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Accepted Solution

by:
Sreejith Sugathan earned 500 total points
ID: 41880737
The Administrators group is a "Domain Local" and not a "Domain Global" and hence you cannot use it as a group when adding file security. On older OS like 2003 you will be able to  - but not from 2008 onwards. Will need to use the Domain Admins group instead.
0
 

Author Closing Comment

by:Castlewood
ID: 41881035
Got confirmed that the Built-in Domain Local groups can be applied only on the Domain Controllers. Other domain local groups than those built-in on AD are available to be applied on network resources of this domain.  

Besides, every server or workstation does have its own Built-in Administrators group, whose scope obviously is on the local computer only.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question