|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
03-16-2007
| #1 (permalink) |
| | 2 Domain Admins, 1 Gets Admin Rights, 1 Doesn't I am set up in the Domain Admin and Administrators groups in my Windows 2000 Server active directory. There is one other person in these groups. We both have identical setups within AD. We both used to use Windows 2000, then XP, and both had all the same local permissions, as expected. However, we then both upgraded to Vista Business on identical machines, and the other user gets full access rights (ie writing a file to c:\ or looking at ALL files in c:\Program Files). I however, get Access Denied when trying to write a file to c:, and have to go to C:\Users\DJI\appdata\Local\VirtualStore\Program Files\ to get some of my Program File data. We have both done clean installs and still get the same problem. I am guessing somewhere deep within AD I am not quite the same as the other user, but I don't know where to look, either in Vista or Server 2000 ANy help would be great Thanks |
My System Specs |
|
03-16-2007
| #2 (permalink) |
| | Re: 2 Domain Admins, 1 Gets Admin Rights, 1 Doesn't On Mar 16, 4:20 am, Chuck <C...@discussions.microsoft.com> wrote: > I am set up in the Domain Admin and Administrators groups in my Windows 2000 > Server active directory. There is one other person in these groups. We both > have identical setups within AD. > > We both used to use Windows 2000, then XP, and both had all the same local > permissions, as expected. > > However, we then both upgraded to Vista Business on identical machines, and > the other user gets full access rights (ie writing a file to c:\ or looking > at ALL files in c:\Program Files). I however, get Access Denied when trying > to write a file to c:, and have to go to > C:\Users\DJI\appdata\Local\VirtualStore\Program Files\ to get some of my > Program File data. > > We have both done clean installs and still get the same problem. > > I am guessing somewhere deep within AD I am not quite the same as the other > user, but I don't know where to look, either in Vista or Server 2000 > > ANy help would be great > > Thanks If you're having trouble with directory permissions, try running the GPRESULT command in your login. That will tell you exactly which security groups you are a member of and, from there, you can see if any of those groups have an explicit Deny on the folders you're trying to look at. It will also tell you whether the Local Group Policy (gpedit.msc) is being applied, which could be another potential source of frustration. |
| My System Specs |
|
03-16-2007
| #3 (permalink) |
| | Re: 2 Domain Admins, 1 Gets Admin Rights, 1 Doesn't Here is my result from the thing yuo asked me to run (with identifiers crossed out): RSOP data for xxxxxx\xxxxxx on SF311 : Logging Mode ----------------------------------------------------- OS Configuration: Member Workstation OS Version: 6.0.6000 Site Name: N/A Roaming Profile: N/A Local Profile: C:\Users\xxxxx Connected over a slow link?: No USER SETTINGS -------------- CN=xxx,OU=Admin,DC=xxxxx,DC=co,DC=uk Last time Group Policy was applied: 16/03/2007 at 13:59:51 Group Policy was applied from: xxxx.xxxxx.co.uk Group Policy slow link threshold: 500 kbps Domain Name: xxxxxxxxx Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Admin Only Default Domain Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Local Group Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Users BUILTIN\Administrators NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users This Organization LOCAL WinFrame Domain Admins High Mandatory Level |
| My System Specs |
|
03-16-2007
| #4 (permalink) |
| | Re: 2 Domain Admins, 1 Gets Admin Rights, 1 Doesn't On Mar 16, 7:47 am, Chuck <C...@discussions.microsoft.com> wrote: > Here is my result from the thing yuo asked me to run (with identifiers > crossed out): > > RSOP data for xxxxxx\xxxxxx on SF311 : Logging Mode > ----------------------------------------------------- > > OS Configuration: Member Workstation > OS Version: 6.0.6000 > Site Name: N/A > Roaming Profile: N/A > Local Profile: C:\Users\xxxxx > Connected over a slow link?: No > > USER SETTINGS > -------------- > CN=xxx,OU=Admin,DC=xxxxx,DC=co,DC=uk > Last time Group Policy was applied: 16/03/2007 at 13:59:51 > Group Policy was applied from: xxxx.xxxxx.co.uk > Group Policy slow link threshold: 500 kbps > Domain Name: xxxxxxxxx > Domain Type: Windows 2000 > > Applied Group Policy Objects > ----------------------------- > Admin Only > Default Domain Policy > > The following GPOs were not applied because they were filtered out > ------------------------------------------------------------------- > Local Group Policy > Filtering: Not Applied (Empty) > > The user is a part of the following security groups > --------------------------------------------------- > Domain Users > Everyone > BUILTIN\Users > BUILTIN\Administrators > NT AUTHORITY\INTERACTIVE > NT AUTHORITY\Authenticated Users > This Organization > LOCAL > WinFrame > Domain Admins > High Mandatory Level Well it looks very straightforward. Maybe your group membership is not the issue, although to be thorough I would (if I were you) also run that against the other user, and compare the two results. |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| domain user account UAC without domain admin id/password?? | Vista security | |||
| list all usesr in Domain Admins group | VB Script | |||
 Admin Rights | General Discussion | |||
| Full Local Access for Domain Admins | Network & Sharing | |||
| Add domain admin to local admin group | Vista General | |||
