Server user account issues after upgrade from 2K to XPPro

  • Thread starter Thread starter andrew
  • Start date Start date
A

andrew

I just added a new computer in the office with Windows XP Pro on it.
This is a replacement for one of the guys who was using an older
computer with Windows 2000 on it. The domain account is set up on the
server and when he logs into the network at startup as himself on the
old computer, he can manage his resources and use some of the server
based software we have with no issues at all.

When he logs into the network at startup on the new computer (XP Pro
SP2) he is allowed only read-only access and many of the software
applications don't work.

I am a bit stumped. I am a little new to the server and active
directory stuff so any helpful suggestions would be greatly
appreciated.

Thanks!!
Andrew
 
On the new XP machine, is the users domain account a member of the
local administrators group? Right-click My Computer | Manage | System
Tools | Local Users and Groups | Groups | Administrators (sorry if you
already knew how to do that, you mentioned your experience level). Make
sure that the user is a member of this group and all should be good.
You may get away with adding the user to the Power Users group but I
don't know your environment.
 
In
Debo said:
On the new XP machine, is the users domain account a member of the
local administrators group? Right-click My Computer | Manage | System
Tools | Local Users and Groups | Groups | Administrators (sorry if you
already knew how to do that, you mentioned your experience level).
Make sure that the user is a member of this group and all should be
good. You may get away with adding the user to the Power Users group
but I don't know your environment.

I would actually suggest to try Power Users first, and if that doesn't work,
then try the Local Admin group.

Normally we try to give the least amount of permissions first, then go up,
but if possible, and I know sometimes it's not, that we must give them more.
Adding printers when the printer drivers have not been installed, is one
example. Normally with printers, we;ll install the drivers, then they can
choose and install printers after that.

Quick story: With one of our clients, we normally only leave them as
default, meaning as a Domain User (part of local Users). This one remote
user who we assigned a laptop, complained she couldn't install her printer
at home. So we remoted in and put her in the Local Admin group to be able to
do it. A week later she complained she could not connect into the network to
perform her duties. We could not remote into it to fix it. We asked her to
bring it in. We found she had installed the complete copy of AOL on it,
which alters network properties and interfered with our Cisco VPN client.
She had also installed a bunch of IM apps. We also found a virus that
disabled McAfee on the laptop, as well as a bunch of spyware, one of which
must have disabled COunterspy and Windows Defender (which we run both on all
workstations). We of course cleaned it up and reported our findings to her
manager. They are not allowed to install anything not work related. She got
a nasty reprimand. It took one of our guys a good porton of the afternoon to
clean it up. Hence why we like to keep them as Users ONLY. For all future
requests after this incident, for printers, etc, we now ask them to bring
them in, no exceptions, and we don't care how much an end user *thinks* they
KNOW computers.

By the way, for the original poster: Vista changes this and makes it easier
to control usage by permissions. I'm looking forward to eventually rolling
out Vista for our clients sooner or later partly to combat this issue.

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
 
Back
Top