+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Windows Server 2000/2003 Thread, Domain User as Local Admin - am I going mad? (Server 2003) in Technical; I am trying to install Microlibrarian on a 32 bit Windows 7 Pro computer and it seems that in order ...
  1. #1

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,047
    Thank Post
    1,424
    Thanked 2,455 Times in 1,716 Posts
    Rep Power
    717

    Domain User as Local Admin - am I going mad? (Server 2003)

    I am trying to install Microlibrarian on a 32 bit Windows 7 Pro computer and it seems that in order to register the thumbprints, the user must be a local administrator. I want to make the librarian's domain account a local admin on this computer only.
    I thought I had done it but when I log in as her I don't get the usual desktop which is covered in icons including the one for the library system, I get the first 10 icons only, which are normally found on the domain network manager's desktop.( The domain network manager doesn't have all the program icons etc). She certainly seems to be an admin as she can see the C drive which normal users cannot.
    I really need her to be able to see all the usual icons AND have local admin access.
    Can someone talk me through this? I don't see what I have done wrong but I don't want to prejudice anyone so I am not going to tell you what I did

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,316
    Thank Post
    681
    Thanked 1,650 Times in 1,471 Posts
    Rep Power
    425
    Just add her user account to the local administrators group?

    Ben

  3. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    I agree as above, create a domain user, but then on the local workstation open up MMC and under local admins, either add 'domain users' or the user's username to the list then reboot.

  4. #4

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,047
    Thank Post
    1,424
    Thanked 2,455 Times in 1,716 Posts
    Rep Power
    717
    Thanks Ben, and Michael - that is EXACTLY what I did - but the result is as you see.
    At least I am NOT going mad - I had got to the point where I really thought I had done something unbelievably stupid.
    Now I know I didnt - what's going on then??
    The only thing I didnt say was that I tried with her own account with the results as above, so then I created a new user called library, put it in the same place as all the staff accounts so it would pick up the redirected desktop etc and the result was exactly the same as above....

  5. #5

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,826
    Thank Post
    1,823
    Thanked 2,252 Times in 1,658 Posts
    Rep Power
    805
    It sounds like Group Policy isn't applying properly?

  6. #6

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,069
    Thank Post
    160
    Thanked 926 Times in 728 Posts
    Blog Entries
    3
    Rep Power
    273
    Quote Originally Posted by elsiegee40 View Post
    It sounds like Group Policy isn't applying properly?
    If the software just requires the user account to be a member of the LOCAL ADMINISTRATORS group then group policies etc. wouldn't affect this. If the user account is in the Local Admin's group then.. it's in the Local Admins Group.

    :/ seems weird to me..
    @witch When you have logged on as the account, go to Command Prompt, type: gpresult /r and press enter.

    look at the section which shows you "The user is a part of the following security groups" and see what it states.

    James.

  7. #7

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,047
    Thank Post
    1,424
    Thanked 2,455 Times in 1,716 Posts
    Rep Power
    717
    The accounts in question log on fine as long as I havent added them as local admins on the machine and all group policies are there.
    I'll have a look at that tomorrow, thanks James

  8. #8

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,826
    Thank Post
    1,823
    Thanked 2,252 Times in 1,658 Posts
    Rep Power
    805
    And when you are logging in as this user... are you logging in to the domain or to the local machine?

  9. #9

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,047
    Thank Post
    1,424
    Thanked 2,455 Times in 1,716 Posts
    Rep Power
    717
    Quote Originally Posted by elsiegee40 View Post
    And when you are logging in as this user... are you logging in to the domain or to the local machine?
    The domain - I need her to be able to see all the domain stuff. It is just that in order to use the fingerprint program, she needs to be an admin

  10. #10
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    An admin for a fingerprint software?!?

    I hate software like that!! What software is it? It may be that its permissions on certain directories which would be a better option as it wouldn't open your system up to any threats from a user installing/infecting the local machine.

  11. #11

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,047
    Thank Post
    1,424
    Thanked 2,455 Times in 1,716 Posts
    Rep Power
    717
    Microlibrarian. We are just moving up to the web version.

  12. #12

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,047
    Thank Post
    1,424
    Thanked 2,455 Times in 1,716 Posts
    Rep Power
    717
    Right. Have had a look and it says the user is part of the following security groups:
    Domain User
    Everyone
    BUILTIN\Administrators
    BUILTIN\Users
    NT AUTHORITY INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\AUTHENTICATED USERS
    This organisation
    local
    All_staff
    High Mandatory Level
    So - are we saying that if the user is a local admin, despite being logged on as a domain user ON the domain, they will pick up the local admin stuff and not the domain?
    I just want this user to pick up the redirected folder!!
    Last edited by witch; 15th May 2012 at 08:03 AM.

  13. #13


    Join Date
    Sep 2008
    Posts
    1,793
    Thank Post
    331
    Thanked 261 Times in 213 Posts
    Rep Power
    120
    Have you got any computer policies from the domain applying to the library PC?

  14. #14

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,047
    Thank Post
    1,424
    Thanked 2,455 Times in 1,716 Posts
    Rep Power
    717
    According to GP result, all the appropriate policies are applying, from default domain downwards. Whilst the shortcuts dont appear I can see that the policies are applying by thigns like the RUN COMMAND DISAPPEARING EVERY TIME I LOG OFF AND ON AGAIN!!!!!
    So, I thought OK if it is acting like a local machine I will create a shortcut for the desktop...BUT that doesnt appear which means that the policies are applying that only allow redirected folder icons - EXCEPT THEY DON'T APPEAR!!!
    Gah.... I just need the librarian to be able to access the microlibrarian website as an local administrator (but on the domain) via some kind of shortcut PLEASE can someone help??
    Last edited by witch; 15th May 2012 at 08:43 AM.

  15. #15
    cromertech's Avatar
    Join Date
    Dec 2007
    Location
    Cromer by the coast
    Posts
    731
    Thank Post
    177
    Thanked 109 Times in 97 Posts
    Rep Power
    54
    If you use the original login again for the librarian, i.e. no admin rights, and set up a new account for the running of the thumbprint software (with admin rights), you should then be able to set in the compatibility setting to always run as admin.
    This way when the librarian runs the software it will ask for authentication and you can put in the admin user's credentials, or use RunasSPC to automate it if it doesn't need to be that secure (or you don't mind anyone using it on the librarians comp)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. XP machine logging in domain user as local admin?
    By reggiep in forum Windows Server 2008
    Replies: 3
    Last Post: 6th September 2010, 12:52 PM
  2. Domain Admin cannot perform functions as local admin
    By KWestos in forum Thin Client and Virtual Machines
    Replies: 3
    Last Post: 30th September 2009, 09:58 PM
  3. add user as local admin
    By TechSupp in forum Scripts
    Replies: 2
    Last Post: 22nd September 2008, 11:54 AM
  4. Users as local admins for logon script?
    By actech in forum Windows
    Replies: 12
    Last Post: 14th May 2008, 08:04 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •