+ Post New Thread
Results 1 to 5 of 5
Windows Server 2008 R2 Thread, Setting up extra admin accounts in Technical; At the moment all our team are using the default 'Administrator' account to access the servers, change file permissions and ...
  1. #1

    Join Date
    Jan 2007
    Thank Post
    Thanked 48 Times in 28 Posts
    Rep Power

    Setting up extra admin accounts

    At the moment all our team are using the default 'Administrator' account to access the servers, change file permissions and so on.

    My aim is to have individual named admin accounts for each member of the team for proper auditing purposes and so on.

    What I have done is created a 'Admin users' OU and then selected the built in Administrator account and used the 'Copy' function several times to create the new custom admin user accounts. The theory being they would pick up all the same permissions as the Administrator account.

    However, it isn't working properly!

    They can't seem to create user accounts in Active Directory using our custom CSV import script and every time they try to access stuff on the file server they get 'You need permission...presss OK to get permission' which does give them permission but adds an entry for their user account to the ACL which gets a bit messy and they should already have access as 'Domain Admins' have full control to the folders and files and they are in the 'Domain Admins' group!

    Does anyone have any clue what I'm doing wrong? It all seemed so simple!

  2. #2
    Gaz is offline

    Join Date
    Feb 2011
    Thank Post
    Thanked 75 Times in 64 Posts
    Rep Power
    I've never done it but I thought it would have been a case of creating a new user and making that user a member of the "Administrators" group under "builtin"
    The same goes for other groups.

  3. #3

    Join Date
    Feb 2007
    Thank Post
    Thanked 803 Times in 718 Posts
    Rep Power
    Put them in the "Domain Admins" group.

    (Compare the group memberships between a working and non working one)

  4. #4
    ADMaster's Avatar
    Join Date
    May 2012
    Thank Post
    Thanked 38 Times in 33 Posts
    Rep Power
    also look at the file / folder permissions. If the permissions are set to allow the administrator vs Administrators or Domain Admins, you will get this.

    Change the file / folder permissions to reflect the group and not the user.

    For AD as long as they are in the domain admins group they should be able to do anything. You could also look at the delegation of control wizard to assign specific roles to them without making them a domain admin.

  5. #5
    noxigen's Avatar
    Join Date
    May 2013
    Nashville, TN USA
    Thank Post
    Thanked 0 Times in 0 Posts
    Rep Power
    I know this is an old thread, but please don't just put a large group of people in "Domain Admins". Create a domain security group, put those people in it and then add that group to the local administrators group on each server that they need to manage. Even then, only if they really need full admin rights on those servers.

+ Post New Thread

Similar Threads

  1. Setting up home wireless network with MAC and PC..?
    By tosca925 in forum General Chat
    Replies: 6
    Last Post: 21st November 2011, 04:39 PM
  2. local admin account re-set remotely BULK
    By Gavinc in forum Windows
    Replies: 11
    Last Post: 18th December 2008, 08:32 PM
  3. Setting up remote access to staff user accounts
    By firefox_2006 in forum How do you do....it?
    Replies: 9
    Last Post: 19th May 2008, 12:30 PM
  4. Replies: 3
    Last Post: 19th January 2007, 11:06 AM
  5. Setting Up A Users Account ... Help Wanted Please...
    By tickmike in forum How do you do....it?
    Replies: 18
    Last Post: 8th September 2006, 08:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts