B
Brian Nielsen
Hello,
I'm not sure if this is the right forum to post this question in, but I'll
give it a try.
I have made a program which adds a user to a group, which is member of
Domain Admins, so that the user can create users and group policies.
This program is run when the user is logging on Windows 2000.
To force the group membership to be updated in the same logon session, I'm
resetting the kerberos tickets.
This have the consequences that I am able to create users in the domain.
But it also adds the following problems:
Problem 1:
What: Sometimes when I reset the tickets and wants to create new
group policies on a OU, the
button to create new group policies is enabled (In
Active Directory Users and Computers), but when I press
the button it returns and error saying "Access Denied".
It is only sometimes this happens, and after a while it
is working again.
Setup: The problem occurs only when there are configured 2 sites in
a native Windows 2000 domain, it does not
happen when there are only on Domain controller in the
domain.
Idea: I have seen on the net that 2 utilities for kerberos
exists, KInit.exe and KDestroy.exe for initializing and destroying the
kerberos setup.
Is it possible to download them anywhere to Windows 2000
?
Problem 2:
What: Resetting the kerberos tickets gives the user Domain admin
rights in the domain, but it does not give the user local administrator
rights,
so it cannot perform local system management on the
local workstation where it is logged on.
Does someone have an idea of what I can do to solve one or both of the
problems ?
Thanks in advance
/Brian Nielsen
I'm not sure if this is the right forum to post this question in, but I'll
give it a try.
I have made a program which adds a user to a group, which is member of
Domain Admins, so that the user can create users and group policies.
This program is run when the user is logging on Windows 2000.
To force the group membership to be updated in the same logon session, I'm
resetting the kerberos tickets.
This have the consequences that I am able to create users in the domain.
But it also adds the following problems:
Problem 1:
What: Sometimes when I reset the tickets and wants to create new
group policies on a OU, the
button to create new group policies is enabled (In
Active Directory Users and Computers), but when I press
the button it returns and error saying "Access Denied".
It is only sometimes this happens, and after a while it
is working again.
Setup: The problem occurs only when there are configured 2 sites in
a native Windows 2000 domain, it does not
happen when there are only on Domain controller in the
domain.
Idea: I have seen on the net that 2 utilities for kerberos
exists, KInit.exe and KDestroy.exe for initializing and destroying the
kerberos setup.
Is it possible to download them anywhere to Windows 2000
?
Problem 2:
What: Resetting the kerberos tickets gives the user Domain admin
rights in the domain, but it does not give the user local administrator
rights,
so it cannot perform local system management on the
local workstation where it is logged on.
Does someone have an idea of what I can do to solve one or both of the
problems ?
Thanks in advance
/Brian Nielsen