ericargyle - Posted May 7, 2011

Ever hear of domain admin rights not propagating to the user at the workstation level when logged in? No changes have been made to default domain policy. Seems to have occurred out of nowhere. Any suggestions on how to fix this? Clearly the joined domain machine recognizes the domain user and authenticates. However, rights do not push. Any help would be excellent.

Of note, it seems to be any new users I create in AD. Previously created admins do pull appropriate rights on logged in workstations. Also, this is consistent on Win7 and WinXP clients. Thanks guys.

allen2 - Posted May 7, 2011

What is in the computer's administrators group? There should be domain admins (by default), so as long as your users belong to the domain admins group, they should have admin rights on the computer.

How did you find that domain admins don't have admin rights on computers?

ericargyle (Author) - Posted May 9, 2011

I ran

    net user username \domain

The funny thing is that it tells me I'm a member of the local group: administrators. However, I have no access to control panel, or installing apps, etc.

Any help would be great.

allen2 - Posted May 9, 2011

The net user username /domain doesn't do what you think: it retrieves the user's group membership in AD, not locally, and that's what I asked.

Try running:

    net localgroup administrators

It should show users/groups belonging to the local administrators group.

ericargyle (Author) - Posted May 14, 2011

Thanks Allen. The issue was that Domain Admins were in the local admins group; administrators on the domain were not. I pushed it out with Restricted Groups and that did the trick for affected users.
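
The difference between the two commands in this thread, as an added example that is not part of the original posts: the PowerShell below parses constructed, abbreviated sample output of `net user username /domain` and `net localgroup administrators` and checks whether any of the user's AD global groups is listed in the workstation's Administrators group. The domain CONTOSO, the user jdoe and the three function names are assumptions made for illustration.

```powershell
# Constructed, abbreviated sample output; CONTOSO and jdoe are made-up names.
$netUserDomain = @'
User name                    jdoe
Local Group Memberships      *Administrators
Global Group memberships     *Domain Users
The command completed successfully.
'@
$netLocalgroup = @'
Alias name     administrators
Members
-------------------------------------------------------------------------------
Administrator
CONTOSO\Domain Admins
The command completed successfully.
'@
# Hypothetical helper: group names from "net user <name> /domain" (AD side).
function Get-DomainGroupsFromNetUser([string]$Text) {
    $groups = @{ Local = @(); Global = @() }; $section = $null
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^(Local|Global) Group memberships\s+(.*)$') {
            $section = $Matches[1]; $rest = $Matches[2]
        } elseif ($section -and $line -match '^\s+(\*.*)$') {
            $rest = $Matches[1]   # continuation line of the current section
        } else { $section = $null; continue }
        $groups[$section] += @($rest -split '\*' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    $groups
}
# Hypothetical helper: members from "net localgroup administrators" (workstation side).
function Get-MembersFromNetLocalgroup([string]$Text) {
    $inList = $false
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if ($line -match '^The command completed') { break }
        if ($inList -and $line.Trim()) { $line.Trim() }
    }
}
# Hypothetical helper: local Administrators entries that match the user's AD global groups.
function Find-AdminGrant([string]$Domain, [string[]]$GlobalGroups, [string[]]$Members) {
    $candidates = @($GlobalGroups | ForEach-Object { "$Domain\$_" })
    $Members | Where-Object { $candidates -contains $_ }
}
$ad      = Get-DomainGroupsFromNetUser $netUserDomain
$members = @(Get-MembersFromNetLocalgroup $netLocalgroup)
$hits    = @(Find-AdminGrant 'CONTOSO' $ad.Global $members)
"AD-side 'Local Group Memberships': $($ad.Local -join ', ')"
"Workstation Administrators members: $($members -join ', ')"
$none = "No AD global group of this user is in the workstation's Administrators group"
if ($hits.Count) { "Local admin via: $($hits -join ', ')" } else { $none }
```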