G
Guest
This is a long one, I'm trying to be explicit.
I am the administrator of a Active Directory Server and am logging on to the Domain from a local XP Pro pc. (This is happening on several of my pcs, and not on several others.)
The problem local machine explicitly has Domain Admins as well as specific Domain users in its' Local Administrators account. While logged on as any administrator, I cannot edit Local Policies (Start / Control Panel / Performance and Maintenance / Administrative Tools / Local Security Policy ) .. I can "push past" the errors and get in, but all editing (changes) is "greyed out".
I am asked which account I want to use, if I use any Domain User or the Domain Administrator which is not the Local PCs' Administrator (Administrator) I am told I "Do not have permission to perform this operation." If I log on as the Local Administrator (PCName\Administrator) I get "in" but again, I cannot make changes, ie. the "Add User or Group" and "Remove" buttons are greyed out, as is the list of users.
It should probably be noted that this entire network is comprised of pcs which have been upgraded from Windows 95 to 98 to XP, (as well as the servers going from NT4 to 2000) and some screwy stuff happened with Policies back between 98/NT and '98/2000. Some policies were removed and, at one point some config pols were lost or messed up between the local pcs and the Domain controller. I suspect the pcs that lost their policies are the ones I'm currently having trouble with.
Oh, and by the way also, I have attempted already upgrading one of the problem pcs from FAT32 to NTFS even though I didn't think it would help. It didn't. This problem is not "file" security, it is O/S policy.
Ideas, please. Thanks.
I am the administrator of a Active Directory Server and am logging on to the Domain from a local XP Pro pc. (This is happening on several of my pcs, and not on several others.)
The problem local machine explicitly has Domain Admins as well as specific Domain users in its' Local Administrators account. While logged on as any administrator, I cannot edit Local Policies (Start / Control Panel / Performance and Maintenance / Administrative Tools / Local Security Policy ) .. I can "push past" the errors and get in, but all editing (changes) is "greyed out".
I am asked which account I want to use, if I use any Domain User or the Domain Administrator which is not the Local PCs' Administrator (Administrator) I am told I "Do not have permission to perform this operation." If I log on as the Local Administrator (PCName\Administrator) I get "in" but again, I cannot make changes, ie. the "Add User or Group" and "Remove" buttons are greyed out, as is the list of users.
It should probably be noted that this entire network is comprised of pcs which have been upgraded from Windows 95 to 98 to XP, (as well as the servers going from NT4 to 2000) and some screwy stuff happened with Policies back between 98/NT and '98/2000. Some policies were removed and, at one point some config pols were lost or messed up between the local pcs and the Domain controller. I suspect the pcs that lost their policies are the ones I'm currently having trouble with.
Oh, and by the way also, I have attempted already upgrading one of the problem pcs from FAT32 to NTFS even though I didn't think it would help. It didn't. This problem is not "file" security, it is O/S policy.
Ideas, please. Thanks.