Ask the Expert

Permissions being set locally by computer rather than AD

I have a Windows XP computer that was upgraded from Windows 2000. I also have a Windows 2000 Server running Active Directory as my domain controller. When I log on to the XP computer and the Windows 2000 domain, my permissions on the computer are not what I assigned to the user in Active Directory. Specifically, I have placed the user in the Administrators group in Active Directory, but when I log on as that user I don't have administrator level privileges. I can't browse to system folders, can't change IP settings, etc. What it looks like is that the permissions are somehow being set locally by the computer, and not by the Active Directory, even though the user is logging on to the Domain. Any ideas why this is happening, and how to fix it?

Requires Free Membership to View

The Administrators group in Active Directory would be local ONLY to the domain controllers. If you want a user account to be a local administrator on other servers and workstations you will either:

1) Put them in the Domain Admins group in AD as this group is automatically an administrator on all servers and workstations.

2) Specifically add the user to the Local Administrators group ON THE WORKSTATION.

This was first published in June 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: