Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
mthaler

Administrator for local machine while logged on Domain

By mthaler, in Networking

Recommended Posts

mthaler    0

mthaler
Posted

A friend asked me this one, and I am stumped. I know that when your run the Network ID wizard in Win2K WS on a network with a Win2K server, at the end of the wizard, it asks you if the person should be granted higher privledges. Now my understanding is, if you set them to Administrator, it is of their LOCAL machine, NOT the whole domain, right??? And if that is correct, and this is the real question, how do you promote somebody's network account so that it is Administrator to the local machine? I don't think you would do this on the server, as you can only set them to an Administrator of the domain, and on the local machine, it only lets you tweak local accounts that are not network accounts, right?

So, is the only way to upgrade them to Administrator of the local machine, to run the Network ID wizard, which will probably end up creating a SECOND similarly named account, where they give you that choice.

Thanks for helping me understand this.

Share this post

Link to post

clutch    1

clutch
Posted

Umm, I'm sure that I am following what you are looking for, but let me explain something that might help you get your answer. If you have a server running as a domain controller, and you open "Active Directory Users and Computers" (either on the server or from a client admin station), any user you add will be a domain user and any group you add that person to in that interface would be domain-wide (there are other things, such as child domains, that this could expand on but we'll drop them for simplicity's sake right now). Now, say you were on a client PC or member server, and opened the User Manger from the Computer Management console. Next, you open "Groups" and then "Administrators". In there, you can click "Add" and select from what location you want to add a user from. On member PCs and Servers, you get a choice of the local system or the domain as locations, whereas on domain controllers you will only have the domain to select from as they have no traditional "local" account management. So, if you were to open the admin group on a PC, and add a user from the domain to that admin group, then the user would become a local admin for that system.

 

HTH

Share this post

Link to post

Silver-Dagger    0

Silver-Dagger
Posted

Could a person do this?

 

Make the person a member of the administrator group in the AD and set all domain permissions to domain administrators only? Just want to know because I have a simular problem on my home network.

Share this post

Link to post

Butternuts    0

Butternuts
Posted

S-D

 

The answer is NO. A normal user cannot just ADD himself or anyone else into the Administrators group. You need to have someone with that permission already to add people or groups to the local machine.

 

I am sure that clutch was going to add that in at the end but forgot.

 

He also did not say anything that I read about setting Domain permissions.

 

Well, you may want to talk to the SYSADMINS at your workplace and see what they say, I am sure there is some type of policy in place.

 

BN

Share this post

Link to post

clutch    1

clutch
Posted

Actually, there was a flaw at one point in NT that allowed for users to generate other users and add them to the admins group (oops ;)). A friend that's a sysadmin at a rather large network caught someone doing that a long time ago, but it was fixed since then (right? :D).

 

As for the domain permissions, I must admit that I am not sure what you are addressing BN. Please explain.

Share this post

Link to post

Butternuts    0

Butternuts
Posted

Clutch,

Do you EVER admit that you may have been wrong or mistaken or possibly just forgot to put something in a reply?

 

That said . .

 

The FLAW was not and is not with Windows 2000. So I guess that just doesn't really apply. As for the Domain permissions, Silver-Dagger mentioned them not I. I was just stating that you did not say anything about DOMAIN level permissions in your reply.

 

BN

 

I know this will probably get a prompt reply from clutch with some witty comments, unfortunately I cannot monitor this board with the same amount of enthusiasm as Clutch. frown

Share this post

Link to post

clutch    1

clutch
Posted

Umm, ok. It simply sounding like you could expand on that point. And actually, the flaw was with NT4, not Windows 2000 (as I said earlier). Now, seeing as that is your second post, you seem to be monitoring this board fairly aggressively for your first day afterall. So, was that witty enough for you?

Share this post

Link to post

Butternuts    0

Butternuts
Posted

Clutch,

I actually just decided to join under this name smile

 

So anyway, what point is it I am sapposed to be expanding on?

 

You seem to like to repeat what others say in their previous posts like you were saying them for the first time, why is that?

 

The Question was about Windows 2000 work station and server. You missed some information then tried to blame it on the fact there is a flaw in NT. As far as I could tell we were not talking or discussing NT. When I pointed that out you tried to make it seem Like you had allready mentioned it. (why?)

 

The reason for my agressive posting IS that I do not like to see information given out in a noncomplete iteration. I like things to be complete. If that is not the way people like the posts to be on this board then what is the point?

 

As for witty . . naw not quite.

 

BN

Share this post

Link to post

clutch    1

clutch
Posted

Sure man. So you're a lurker that's just now starting to pipe up? And I have no information to provide to anyone at all. That's what you're saying right? If anyone else wants to agree and thinks that my posts are a waste, then please speak up. If this is the general consensus, then I'll leave. How's that grab ya, sparky?

Share this post

Link to post

Butternuts    0

Butternuts
Posted

Oh my god, get a towel.

 

Are you looking for everyone to say "You are the man Clutch"?

 

Fine . . . YOU ARE THE MAN!!!

 

Talk about a needy personality, do you count up your posts and write them down on paper and roll in the yelling "people like me because I am smart"?

 

Maybe you should take a step back and evaluate your priorities.

 

Every forum has a "clutch member" this ones just happens to have the name too.

Share this post

Link to post

Klark    0

Klark
Posted
Quote:
...The Question was about Windows 2000 work station and server....
Personally, I have never heard of Windows 2000 work station. laugh Anyway...

Batternuts, I'm sure I am not the only one that believes you need to return to grammar school and learn how to read...correctly. The original post had everything to do with domain level permissions. Clutch simply expanded on various methods of adding an administrative account, and the differences between adding them at the client machine or the server. Simple as that. And too second that, I just tryed his methods on our 2K Advanced Server domain controller, and he is absolutely correct.

On another note, we have no way of verifying whether or not you and SysAdmin are infact the same person or not....Nor do we care. Just remember this: Moments from now, when your accounts are disabled, no one will remember you. But we all here will remember Clutch for many years too come.

All in all, you should run home now, and disrespect everyone you can on the way home....Cuz you obviously need to do that since your mommy and daddy don't provide you with the attention that you need.

Share this post

Link to post

tweaked    0

tweaked
Posted

man...

what the freaking heck was wrong with butterynuts? :x (besides the obviously moist genitalia).

 

Clutch answered the question clearly, concisely and correctly.

 

I don't get it. ;(

 

oh wait.. i get it... butterynutz is an 11 year old from a foriegn country and english is like his... 6th language?

 

anybody know what culture likes to butter up their nuts?

Share this post

Link to post

BladeRunner    0

BladeRunner
Posted
Quote:

I know this will probably get a prompt reply from clutch with some witty comments, unfortunately I cannot monitor this board with the same amount of enthusiasm as Clutch. frown


What you want to do then is get a job like mine.
You see I'm a Systems Administrator, have been for a few years now.
Because I do my job well and have most things under control most of the time, that actually leaves me with quite a bit of time to come here and monitor the boards.
A Sys Admin's like is great, don't let anybody tell you any differently.

Share this post

Link to post

Butternuts    0

Butternuts
Posted

Locked out huh? wierd.

 

Well, I guess that is that . . CAN you say a future DOS?

 

Thanks . . be chatting (via another name)

 

To the rest of you . . . I will let you use my Buttery nuts to add flavor to your dinner tonight.

 

Enjoy.

 

I came to this board to look and see what was up, You guys ask some of the lamest questions. If you had any troubleshooting skills, or skills at all you could figure these things out on your own.

 

But YOU DONT!!

 

So . . how many here from Branch Support!!

 

( * ) kiss

Share this post

Link to post

Klark    0

Klark
Posted

Clutch was absolutely correct once again....Butternuts, You're a sad little man and we all pity you.

 

First of all, since you obviously cant read, everyone here has come to the conclusion that you're simply pissed off about being completely wrong, and unfortunately you can't handle it. Which ultimately led to you making a complete ass out of yourself. Now you can say that you came here for fun, laughs, and to cause trouble, but I being a moderator on numerous forums have heard that cop-out numerous times from other folks that were in your shoes. You came in, you posted your opinions/answers, you were very wrong, you made an ass out of yourself, and now you say it was all just for fun to cover up your humility.....Sure thing man, it's your story, so tell it anyway you like!

 

Second, If you're so clever, smart, wity, or highly trained, why don't you start answering some of the unsolved threads that are still open on this forum? Oh, I forgot, you can't because you're too busy at your job fixing all the things that you f*cked up. laugh Either that, or you have no idea how to answer any of them correctly....which is more than apparent judging by your last attempt at helping someone solve their problem.

 

Lastly, it's extremely unfortunate that you have to come here and disrupt things simply because you're upset that your Daddy used to molest you, your girlfriend left you for a chic, and that your penis hasn't grown since you were nine years old. We are all sorry for your misfortune, and you have our sympathy. On that note, please seek some professional help...you could definately use it.

 

laugh

 

Oh, and by the way, nice threats....Those will come in handy.

Share this post

Link to post

adamvjackson    0

adamvjackson
Posted

For the record, I consider myself a decent tech, but even so, I need to run my ideas and thoerys past others, that's helps me learn, and perhaps others, too. I really hope you grow up, and learn some respect and manners, Butternuts. Oh, and no, I do not choose to 'hide' per say behind an alias. Please, either be respectful or leave.

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Networking
×