Newbie question re: security principles

  • Thread starter Thread starter JM
  • Start date Start date
J

JM

I'm trying to help the small company I'm working for do a few network things
while we find a new IT person. We have a Windows 2000 Server DC/AD. The
users all are members of the Domain Users group, with very limited control.
I'm trying to change some IP setting on some network interfaces, but as a DU
I can't access the settings.

I thought I could simply go into AD Users and Groups and add my account to
the Administrators Built-In, but after doing so I still do not have the
access I need. It makes me think there is a security principle higher in
the heirarchy that controls this. Is a domain security principle overriding
the "user level" change I'm making? [i apologize; i'm not trained in this]

thank you,

william
 
A domain user cannot add accounts to the administrators group (otherwise,
security would be useless). You'll need to log into a domain controller or a
workstation with the ADUC snap-in, using an account with at least domain
admin credentials. The you will be able to add your own user account to the
domain admins or administrators group.

....kurt
 
I'm sorry I wasn't clear.

I logged in as the Administrator, with the Administrator password, accessed
the Active Directory Users and Groups, chose our domain, found the OU for
the users, right clicked on my account, went to Member Of, and added
Administrators. Now both Domain Users and Administrator shows up in the
"Member Of" window. I logged out as Admin, back in under my account.
However, my changes seem to have no effect.

Sorry if my ignorance is obvious. I'm new to this.

thank you again,

wjm








Kurt said:
A domain user cannot add accounts to the administrators group (otherwise,
security would be useless). You'll need to log into a domain controller or a
workstation with the ADUC snap-in, using an account with at least domain
admin credentials. The you will be able to add your own user account to the
domain admins or administrators group.

...kurt

JM said:
I'm trying to help the small company I'm working for do a few network
things
while we find a new IT person. We have a Windows 2000 Server DC/AD. The
users all are members of the Domain Users group, with very limited
control.
I'm trying to change some IP setting on some network interfaces, but as a
DU
I can't access the settings.

I thought I could simply go into AD Users and Groups and add my account to
the Administrators Built-In, but after doing so I still do not have the
access I need. It makes me think there is a security principle higher in
the heirarchy that controls this. Is a domain security principle
overriding
the "user level" change I'm making? [i apologize; i'm not trained in this]

thank you,

william
Click to expand...
Click to expand...
 
JM,

Add yourself to the Domain Admins group. The Domain Admins group is
placed in the local administrators group of computers when they join
the domain. With that account you should have administrator rights on
any machine in the domain you logon to.

Regards,
Tim.Olsen
 
There also may be some policies applied at the domain level to "domain
users" that do not apply to "domain admins". Sometimes, removing your
account from the users group will solve it, other times, you'll need to
reverse the policy to make it go away.
 
Back
Top