all operations require local admin rights

  • Thread starter Thread starter EvB
  • Start date Start date
E

EvB

I created a new domain with 2 dc´s and some member servers, all windows
2000. About 50 W2K clients connected.
I use roaming profiles.

1st:
When i logon a client machine the profile loads but when i log off the
profile cannot be saved. This is on all clients with all usernames. When i
give a client local administrator rights it works fine. The userrights on
the profile map on the server are checked and okey.

2nd:
When i try to run local applications on the clients machine the
applications give all sort of errors. When i give the user local admin
rights everything works perfect. This is on al clients with all usernames.

Before I created the new Domain/DC´s this never has been a problem. What can
create the problem that for all actions local administrator rights are
required.

Is it something the DC sents to the client by a group policy or another
security policy? I checked pretty much but can´t find anything. Can anyone
help me out please?

Kind regards,

EvB
 
Hello,

For issue 1: How do you know the profile is not saved? IS there an error
such as this occurring on the client:

Event ID: 1000

Event Type: Error
Event Source: Userenv
Event Category: None

Description: Windows cannot unload your registry file. If you have a
roaming
profile, your settings are not replicated. Contact your
administrator.

DETAIL: Access is denied.

If the profile is roaming and you are scanning it with AV or backup software
locally or remotely it can cause the profile to not be saved. Test this by
disabling or removing the antivirus program or the backup program
temporarily.

Here is another common issue:

169144 Changes to User Profiles Are Not Saved
http://support.microsoft.com/?id=169144

For issue 2 what are the specific apps that are failing? Does Notepad or
Office work? And what are the errors the users are getting? Perhaps 169144
Changes to User Profiles Are Not Saved, has something to do with issue
number 2 as well?


Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
If users are members of the Guest group, either directly or indirectly,
either on the local machine or in the directory they'll have this problem.
Make sure your users are not part of any Guest group(s).
Were they?
 
Hi

For issue 1; Yes, there is such error on the client. I tried your suggestion
with the vscanner but I´m afraid that didn´t work.

The strange thing is that when i give the user local admin rights, issue 1 &
2 are fixed.

The applications that can give problems are word, excel and outlook.
The application that always gives troubles without admin rights is written
in Magic by our own developper. It refers to an networked database. This
application receives a watson error when launched as default user. The
office apps wont start at all.

sincerely
EvB
 
Did you look at this article it is the same thing that Mark is reffering to:
169144 Changes to User Profiles Are Not Saved
http://support.microsoft.com/?id=169144
Click to expand...

Also there are some known issues with profiles not unloading in Windows
products. make sure you have the latest service packs on all boxes.


Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Back
Top