Windows Server 2000/2003 Thread, Domain User as Local Admin - am I going mad? (Server 2003) in Technical; I am trying to install Microlibrarian on a 32 bit Windows 7 Pro computer and it seems that in order ...
14th May 2012, 07:48 PM #1
Domain User as Local Admin - am I going mad? (Server 2003)
I am trying to install Microlibrarian on a 32 bit Windows 7 Pro computer and it seems that in order to register the thumbprints, the user must be a local administrator. I want to make the librarian's domain account a local admin on this computer only.
I thought I had done it but when I log in as her I don't get the usual desktop which is covered in icons including the one for the library system, I get the first 10 icons only, which are normally found on the domain network manager's desktop.( The domain network manager doesn't have all the program icons etc). She certainly seems to be an admin as she can see the C drive which normal users cannot.
I really need her to be able to see all the usual icons AND have local admin access.
Can someone talk me through this? I don't see what I have done wrong but I don't want to prejudice anyone so I am not going to tell you what I did
IDG Tech News
14th May 2012, 07:56 PM #2
Just add her user account to the local administrators group?
14th May 2012, 08:01 PM #3
I agree as above, create a domain user, but then on the local workstation open up MMC and under local admins, either add 'domain users' or the user's username to the list then reboot.
14th May 2012, 08:01 PM #4
Thanks Ben, and Michael - that is EXACTLY what I did - but the result is as you see.
At least I am NOT going mad - I had got to the point where I really thought I had done something unbelievably stupid.
Now I know I didnt - what's going on then??
The only thing I didnt say was that I tried with her own account with the results as above, so then I created a new user called library, put it in the same place as all the staff accounts so it would pick up the redirected desktop etc and the result was exactly the same as above....
14th May 2012, 08:17 PM #5
It sounds like Group Policy isn't applying properly?
14th May 2012, 08:35 PM #6
If the software just requires the user account to be a member of the LOCAL ADMINISTRATORS group then group policies etc. wouldn't affect this. If the user account is in the Local Admin's group then.. it's in the Local Admins Group.
Originally Posted by elsiegee40
:/ seems weird to me..
@witch When you have logged on as the account, go to Command Prompt, type: gpresult /r and press enter.
look at the section which shows you "The user is a part of the following security groups" and see what it states.
14th May 2012, 08:39 PM #7
The accounts in question log on fine as long as I havent added them as local admins on the machine and all group policies are there.
I'll have a look at that tomorrow, thanks James
14th May 2012, 08:39 PM #8
And when you are logging in as this user... are you logging in to the domain or to the local machine?
14th May 2012, 08:41 PM #9
The domain - I need her to be able to see all the domain stuff. It is just that in order to use the fingerprint program, she needs to be an admin
Originally Posted by elsiegee40
14th May 2012, 09:05 PM #10
An admin for a fingerprint software?!?
I hate software like that!! What software is it? It may be that its permissions on certain directories which would be a better option as it wouldn't open your system up to any threats from a user installing/infecting the local machine.
14th May 2012, 09:27 PM #11
Microlibrarian. We are just moving up to the web version.
15th May 2012, 09:01 AM #12
Right. Have had a look and it says the user is part of the following security groups:
NT AUTHORITY INTERACTIVE
NT AUTHORITY\AUTHENTICATED USERS
High Mandatory Level
So - are we saying that if the user is a local admin, despite being logged on as a domain user ON the domain, they will pick up the local admin stuff and not the domain?
I just want this user to pick up the redirected folder!!
Last edited by witch; 15th May 2012 at 09:03 AM.
15th May 2012, 09:08 AM #13
Have you got any computer policies from the domain applying to the library PC?
15th May 2012, 09:35 AM #14
According to GP result, all the appropriate policies are applying, from default domain downwards. Whilst the shortcuts dont appear I can see that the policies are applying by thigns like the RUN COMMAND DISAPPEARING EVERY TIME I LOG OFF AND ON AGAIN!!!!!
So, I thought OK if it is acting like a local machine I will create a shortcut for the desktop...BUT that doesnt appear which means that the policies are applying that only allow redirected folder icons - EXCEPT THEY DON'T APPEAR!!!
Gah.... I just need the librarian to be able to access the microlibrarian website as an local administrator (but on the domain) via some kind of shortcut PLEASE can someone help??
Last edited by witch; 15th May 2012 at 09:43 AM.
15th May 2012, 09:47 AM #15
If you use the original login again for the librarian, i.e. no admin rights, and set up a new account for the running of the thumbprint software (with admin rights), you should then be able to set in the compatibility setting to always run as admin.
This way when the librarian runs the software it will ask for authentication and you can put in the admin user's credentials, or use RunasSPC to automate it if it doesn't need to be that secure (or you don't mind anyone using it on the librarians comp)
By reggiep in forum Windows Server 2008
Last Post: 6th September 2010, 01:52 PM
By KWestos in forum Thin Client and Virtual Machines
Last Post: 30th September 2009, 10:58 PM
By TechSupp in forum Scripts
Last Post: 22nd September 2008, 12:54 PM
By actech in forum Windows
Last Post: 14th May 2008, 09:04 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)