Permissions being set locally by computer rather than AD
I have a Windows XP computer that was upgraded from Windows 2000. I also have a Windows 2000 Server running Active Directory as my domain controller. When I log on to the XP computer and the Windows 2000 domain, my permissions on the computer are not what I assigned to the user in Active Directory. Specifically, I have placed the user in the Administrators group in Active Directory, but when I log on as that user I don't have administrator-level privileges. I can't browse to system folders, can't change IP settings, etc. What it looks like is that the permissions are somehow being set locally by the computer, and not by Active Directory, even though the user is logging on to the domain. Any ideas why this is happening, and how to fix it?
The Administrators group in Active Directory would be local ONLY to the domain controllers. If you want a user account to be a local administrator on other servers and workstations, you will need to either:
1) Put them in the Domain Admins group in AD as this group is automatically an administrator on all servers and workstations.
2) Specifically add the user to the Local Administrators group ON THE WORKSTATION.
This was first published in June 2004
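To check which of the two options above actually applies on a given machine, list the members of its own local Administrators group. The script below is an added example, not part of the original answer; it assumes a current Windows system with Windows PowerShell 5.1 or later (not the Windows XP machine in the question), and `CONTOSO\jsmith` is a constructed sample account name.

```powershell
# Added example: report who holds local administrator rights on THIS machine.
# Requires the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1+).
function Get-LocalAdminReport {
    param(
        # Optional account to look for, e.g. 'CONTOSO\jsmith' (constructed sample name)
        [string]$Account
    )

    # S-1-5-32-544 is the well-known SID of the machine-local BUILTIN\Administrators
    # group. Using the SID avoids depending on the localized group name.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544'

    foreach ($m in $members) {
        $sid = $m.SID.Value

        # Tag well-known relative IDs so the source of the privilege is obvious.
        $note = switch -Regex ($sid) {
            '^S-1-5-21-.+-512$' { 'Domain Admins group (RID 512)'; break }
            '^S-1-5-21-.+-500$' { 'Built-in Administrator account (RID 500)'; break }
            default             { '' }
        }

        [pscustomobject]@{
            Name     = $m.Name
            Class    = $m.ObjectClass        # User or Group
            Source   = $m.PrincipalSource    # Local or ActiveDirectory
            SID      = $sid
            Note     = $note
            # True only when the account is listed directly (option 2 in the answer).
            IsTarget = [bool]($Account -and ($m.Name -eq $Account))
        }
    }
}

Get-LocalAdminReport -Account 'CONTOSO\jsmith' | Format-Table -AutoSize
```

A domain user who appears with `IsTarget` set to `True` was added directly on the workstation; a user who is an administrator only through the Domain Admins row holds that right on every domain-joined machine, which is worth weighing against least privilege.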