Q

Permissions being set locally by computer rather than AD

I have a Windows XP computer that was upgraded from Windows 2000. I also have a Windows 2000 Server running Active Directory as my domain controller. When I log on to the XP computer and the Windows 2000 domain, my permissions on the computer are not what I assigned to the user in Active Directory. Specifically, I have placed the user in the Administrators group in Active Directory, but when I log on as that user I don't have administrator level privileges. I can't browse to system folders, can't change IP settings, etc. What it looks like is that the permissions are somehow being set locally by the computer, and not by the Active Directory, even though the user is logging on to the Domain. Any ideas why this is happening, and how to fix it?
The Administrators group in Active Directory would be local ONLY to the domain controllers. If you want a user account to be a local administrator on other servers and workstations you will either:

1) Put them in the Domain Admins group in AD as this group is automatically an administrator on all servers and workstations.

2) Specifically add the user to the Local Administrators group ON THE WORKSTATION.
This was first published in June 2004

Dig deeper on Microsoft Active Directory

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close