Is a User Account cached to Server?

Status
Not open for further replies.

wardog25

Technical User
Oct 24, 2003
129
US
I am running a batch file on 2003 Server (not the DC) to do some backups. If I run as a domain admin account, it runs fine. If I run it as a domain user, it fails.

So I tried slowly adding rights to that domain user to see what rights were failing and it still never worked. Even when the User had complete domain admin privileges.

So my question is..... does the server cache that User account and re-use the security rights that it had before? Is it querying the DC every time I run the batch files or just querying a cached version that needs to be updated every time I change rights on that User?

Does this make sense?
 
I know this might sound like a silly question, but did you log out and log back in again after you gave that user domain admin rights? Also, if you're giving the user those additional rights using group membership, you'd have to log out each time then also. Run RSOP on the server and check to see that the user account is listed as having the rights you think it should have. If you're making changes to group policy (as opposed to adding the user to groups that already exist for this purpose) then it may be that:
1. The rights are being overwritten by another policy - especially if you made changes to the local policy
2. Group Policy isn't being applied correctly. The event log and RSOP will be able to help you determine what (if anything) is failing

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau
 
I did logout and back in, yes. And it does not work. But the User I log in with is not the one I'm using to run the batch file. The batch file uses something similar to the runas command.

So I'm curious if the runas command I'm using queries the DC every time for that user or if I need to log out every time or what. (since the logout didn't help, it seems like there is something else I need to do)
 
OK, now I understand. What about if you log in to Windows with that account and run the batch file, does it run OK? Although I don't think the account would need it just to use the runas command. Also, maybe you could give some more detail about what the batch file does and how you know that it's failing.

 
I'm using the "schtasks" command in the batch file to schedule the jobs. I'm using the /RU switch in that command to enter a username and password.

If I enter the domain admin username password after /RU, it runs perfectly. Then if I switch to the username for running batch files, it fails. The scheduled task just says running and never finishes. We've tried just about every possible variation of the batch file to see if anything else works, but it basically boils down to a permissions issue. I have been trying to find what permission exactly it needs, though.
 
You say that the scripts are to backup some data - are you backing up from one server to another? Or to removable media?

I really do think you should log in with that domain user account and run the batch file manually to see what error it throws up. Or try to do some logging from your batch file (using >> C:\logs\mylog.txt may do the trick). Have you checked to see that this account has permissions (minimum read) to the files you want to back up? Although you said that you gave the user domain admin rights, it's possible that domain admins don't have permissions, just the builtin Administrator account.

Also, what rights did you try giving to the account (apart from adding to the Domain Admins group?) and where did you configure them (ie local policy, domain policy etc).

Hopefully we'll get to the bottom of this

 
Backing up data to a share on another server.

I can log in at some point with that user. It's just that the servers are all in use throughout the day and I don't want to do much during that time.

I did some logging of the batch file and if I put a command in front of my backup command, it logs that, but never logs anything after it. So the backup command is what is failing. The log file is then frozen and can't be deleted, so I have to create a new log file every time I test it.

The account is an administrator locally on that server, so it is odd that it wouldn't work. The rights I added to it were added through Active Directory Users and Computers in that domain. I gave it all the same rights as a domain admin just to test it, and it never worked.
 
... through active directory users and computers in that domain
- don't know if this is me being paranoid, but I notice you said THAT domain ... are the source and destination servers in two different domains? If so, do they have any relationship set up (eg trust)? Also, I'd check that the user account has write permissions on the destination directory on the destination server. It may be that the script is paused waiting for user input (ie credentials to connect to the destination server). I don't know if *.bat files would do this, or if they'd just fail straight away, but I reckon they'd just behave the same as if you manually typed the commands into the command prompt.

Also, one other thing - rather than having to logon to the server with that account, just run explorer as that user and run the batch file manually, or better still, type the commands into a command prompt manually and see what output you get.

 
These 2 are in the same domain, although I will be setting this up across domains as well.

I have 2 batch files. 1 schedules the other one to run. Both run fine on their own at a command prompt.

It's when the scheduler tries to run the other batch file (at night) that there is a problem. Yet that batch file runs fine if you just double click on it. So the scheduler is not running the batch file with the same rights that it runs with if I double click on it.

Well, I just found out that it is the copy part that is failing, not the backup. I tried them separately and the backup worked fine, but when it tried to copy to the other server, it failed.

I've discovered that it works fine if I manually schedule the 2nd batch file to run. I might just do that rather than troubleshoot the copy part. It adds a little extra time per server to configure, but not that much. Troubleshooting the copy might be a pain since we are using a special tool for that.
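
A diagnostic wrapper along the lines suggested in the thread, as an added example that is not part of any post: scheduled under the same /RU account, it logs which identity and group memberships the task actually runs with, probes write access to the destination share, and records the job's exit code. The log directory, the share `\\BACKUPSRV\backups` and `C:\scripts\backup.bat` are placeholders, not names from the thread.

```batch
@echo off
rem Added example, not from the thread. Placeholder names (assumptions):
rem   C:\logs, \\BACKUPSRV\backups, C:\scripts\backup.bat
setlocal

rem A new log per run, so a log left locked by a hung run does not block the next test.
set "LOG=C:\logs\backup_diag_%RANDOM%.log"
set "DEST=\\BACKUPSRV\backups"
set "JOB=C:\scripts\backup.bat"
set "PROBE=%TEMP%\probe_%COMPUTERNAME%.tmp"

if not exist C:\logs mkdir C:\logs
echo ==== %DATE% %TIME% on %COMPUTERNAME% ==== >> "%LOG%"

rem Record the account the task runs as and the groups in its access token.
rem Group changes made after the token was built will not show up here.
whoami /user   >> "%LOG%" 2>&1
whoami /groups >> "%LOG%" 2>&1

rem Probe write access to the destination share before the real job starts.
echo probe > "%PROBE%"
copy /y "%PROBE%" "%DEST%\" >> "%LOG%" 2>&1
if errorlevel 1 (
    echo FAIL: cannot write to %DEST% as %USERDOMAIN%\%USERNAME% >> "%LOG%"
    del "%PROBE%" > nul 2>&1
    exit /b 2
)
del "%DEST%\probe_%COMPUTERNAME%.tmp" >> "%LOG%" 2>&1
del "%PROBE%" > nul 2>&1

rem Run the real job with standard input closed, so a command that reads from
rem standard input gets end-of-file instead of waiting, and capture all output.
call "%JOB%" < nul >> "%LOG%" 2>&1
set "RC=%ERRORLEVEL%"
echo %JOB% exit code: %RC% >> "%LOG%"

endlocal & exit /b %RC%
```

If the `whoami /groups` output differs between a scheduled run and an interactive run of the same account, the two runs are using different access tokens, which is the difference the thread was trying to pin down.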
 