Local Groups and Domain Groups

T

toeknee

Hi,

I have a Windows XP Pro w/SP1A on a Windows NT 4.0
Domain. We have groups created on the domain(XPAdmin)
that we add into the local groups on the PC
(Administrators).
If a user logs onto the PC and has user only user rights.
But then is added to the Domain Group(XPADMIN) that is
part of the Administators group on the local PC. Their
creditials are not updated so that they have Administator
rights on that PC.
Does anyone know why? Or is there a fix?
Initial I am thinking that in Group Policies in MMC there
is an option there as to the number of cache logins (10
default) does this need to be lower? If we set this at 0
will this also not allow them to log in if the domain is
down?

Thanks... Tony
 
D

David Jones

After being added to the Administrator group, the user
needs to log off and log on - what happens is that
Windows creates a "token" of all the user's groups, but
that happens only at logon.

Does this not work for you?
 
R

Roger Abell

As David answered you first question, changes to
group membership only become active when the
account logs in _after_ the change.

To address your last question, if you set the number
of cached logins to 0 then they will be unable to log
in if the domain controller(s) are not reachable.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Nesting domain groups under local groups 7
Local Power User on domain 1
Override the local Group Policy by domain policy or delete the RSOP 0
Adding domain users as local XP administrators... 6
Do I need a Local admin account? 2
Modifying Local Groups 1
domain local groups on XP pro 1
Custom user group in windows XP 2

Top