Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Newbie setup question 1

Status
Not open for further replies.
Coxylaad

Coxylaad

Programmer
Jan 27, 2004
155
GB
Hi,
I am upgrading our workgroup to a domain with srver 2003. I am having some issues when joining the domain from the workstations. I have set up all the user accounts on the server and I have successfully joined the server for a pc, but what it does is create a new user, losing all of the desktop settings and my document etc. This is not a major problem (unless you people tell me I am doing it wrong) as I can copy the necessary files across. The main problem is that the new domain user is not local admin on the computer and therefore lots of strange things are happening, like saying it cant find an access database when clearly its there! also how do you go about installing software when the users logon account does not allow it?

Thanks for you help, and I apologise if this is very beginner type stuff.

Thanks

Ian
 
Sort by date Sort by votes
This is standard behaviour. A domain account is different that a workgroup/local account. Basically, you have a brand new SID (or is GUID, I can never remember) for that account.
For your other problems, why not add the domain account (of the user(s)) to the local administrators group? This will solve most of your other issues.
 
Upvote 0 Downvote
ok back up a touch :)

whats an SID?

and how do I add the domain account to the local administrators group?

Cheers (told you I was new at this)

Ian
 
Upvote 0 Downvote
A SID (Security Identifier)/GUID (Global User Identifier) are what seperates the accounts. What I mean is you can tell who is who in the event logs, and the machine can tell who you are.

For adding a domain account to the local administrators group, you will need to go to the local machine, get into computer management (right click my computer/manage or Start->Settings->Control Panel->Administrative Tools), and when the computer management "control" pops up, you will need to "expand" System Tools->Local Users and Groups->Groups. On the right hand side of the box, doubleclick Administrators. Click Add, make sure that the next box has Users and Groups in the first box, your domain in the second box, and in the last box put the users name (recommend hitting check name before hitting okay). Hit okay, and the user should now be a "local Admin".

You can do this remotely from any computer hooked to the network, but that is for another day.

I recommend you get a great book from Sybex called Mastering Windows Server 2003 by Mark Minasi. It will help you out greatly.
 
Upvote 0 Downvote
Cheers tfg13 you have helped me out loads

regards

Ian
 
Upvote 0 Downvote
Giving admin rights to machine is not the greatest idea unless you have trusted users, even then it opens the machine up to malware and unauthorized changes. I have yet to see a program which will not work with a common user log in, though you may need to increase permissions on certain folders and in the programs registry entries.

Depending on the Access version you may need to give elevated permissions to the everyone group on the Access directory of each machine, also you may need to give elevated permissions on the C:\windows\temp folder.
 
Upvote 0 Downvote
hmmm - thanks for that. I will have a mess about
 
Upvote 0 Downvote
Prewarning, it is a bit intimadating to minipulate programs to work for the common USER, but it pays off. Newer programs and properly programmed software generally works well for any user. If you get stuck post on the forums

If a program does not work..
Go to the directory the software is installed in, add the everyone (or authenicated users) permissions of at least read and execute, you may need modify. Make sure you go to "Advanced", check off "replace permissions entries on child object...." or the permissions changes will not flow down through the directory. A couple of Access versions needed "modify", I believe within the temp directory

In the registry..
look for software entries matching the program in hkey_local_machine, software, and increase the permissions, also do a search (find)throught the registry, and change the permission on entries you find, avoid legacy entries. Most of the time this is all that is needed. Cruise through these reg entries to see if there are reference to other folders or keys related to the software; sometimes a particular program will run multiple software modules, such as Pervasive, which has many keys to set permissions on, keep a look out.
 
Upvote 0 Downvote
Actually it is fun after you have done it a couple of times; it is the previous "couple of times" that hurt. At least you have the posts , when I first ran into this, XP was brand new.

The first time, I had to get software ($ 4000.00 each user, nautical software) going for users which which the supplying company swore would only work as an Admin user; with no help it took a couple of days of pulling my hair out; I was not sure what was stopping the users from accessing the software initially.
 
Upvote 0 Downvote
hmmm - I have tried to add the domain user to the the local administrators group, but when I go to add it I cant find the doman listed in the Locations bit?

Any Ideas?
 
Upvote 0 Downvote
technome,
Coxylaad should have already worked out your comment about "trusted users". He was previously in a workgroup, and stated
also how do you go about installing software when the users logon account does not allow it?
Click to expand...

This sort of comment tells me that he has already trusted the users enough in the workgroup environment to allow local admin rights.

There are plenty of workarounds for all of the "local admin rights" issues. Greg Palmer has an awesome program that allows you to package a program into the "run as" administrator. I just happened to notice that Coxylaad had stated that "sorry for the beginner type stuff". Most likely he is a beginner. Let's not overwhelm him yet....
 
Upvote 0 Downvote
tfg13,

Where's this program that Greg Palmer wrote to "run as" administrator? The one and only program I haven't been able to get to work without the users being atleast power user was Quickbooks Enterprise 5. I tried tracking down all the registry entries and files/folders (regmon and filemon from sysinternals has helped me greatly with other programs) it uses but I never could get it all and I think the program itself actually checks to see group membership (must be atleast power user) in order to run the program. If I right clicked and did run as it would work for the users before this but that would be too cumbersome to do for everyone. BTW we run a TS environment.

Thanks
Tom
 
Upvote 0 Downvote
Thanks for the link I will be checking it out this weekend.
 
Upvote 0 Downvote
right I got it fixed thanks for all your help.
Yeah we are only a small company and and the people using the machines can all be trusted.

The machine that couldnt see the server had every right not to as I had accidentally mis-typed the DNS addres oops!

Thanks again

Ian
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
335
DrB0b
DrB0b
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
283
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
293
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
General Windows Server Datacenter/Standard Licensing Question
Replies
1
Views
198
DrB0b
DrB0b
Krus1972
  • Locked
  • Question
Web.Config URL Rewrite Question
Replies
0
Views
190
Krus1972
Krus1972

Part and Inventory Search

Sponsor

Back
Top