logged into the domain but now ive lost admin rights

[billemery]

have successfully gotten xp pro to log into a win nt 4.0
domain but now, i cant even install programs on the xp
computer-ive lost admin rights. it's as if im a different
user to xp when im logged into the domain.
help help

 

[Paul Adare]

microsoft.public.windowsxp.security_admin news group, billemery

have successfully gotten xp pro to log into a win nt 4.0
domain but now, i cant even install programs on the xp
computer-ive lost admin rights. it's as if im a different
user to xp when im logged into the domain.

Prior to joining the domain, you were logging on with a local account
that had administrator privileges. Since joing the domain, you're
logging on with a domain account that does not have administrative
privileges. To correct this, log on with the local administrative
account, then add your domain account to the local administrators group.

Note that logging on and using an account that has administrative rights
for day to day use is not a good idea from a security perspective. You
should log on with a non-admin account, and only use an admin account
when absolutely necessary.

 

[billemery]

thanx for your help but the domain user name and the local
user name are the same.
coxp. coxp when logged into the computer using this
computer has admin rights. when coxp is logged using the
domain rather than this computer, it doesnt have admin
rights. so, even though the names are the same, it acts
like they are two different users. the other strange thing
is that if i declare it to be in a workgroup rather than a
domain, i can connect to the network drives etc. but then
only have readonly permissions. to make matters even more
strange, on the xp computer it says that domain admins
have the right to administer my computer. do i have to
grant domain admin rights to every user that has xp in the
domain. dont think we are going to do that. just will go
back to 2000 pro.

-----Original Message-----

 

[Paul Adare]

microsoft.public.windowsxp.security_admin news group, billemery

thanx for your help but the domain user name and the local
user name are the same.
coxp. coxp when logged into the computer using this
computer has admin rights. when coxp is logged using the
domain rather than this computer, it doesnt have admin
rights. so, even though the names are the same, it acts
like they are two different users.

This is by design. Just because you have accounts with the same name, it
doesn't mean that the accounts are the same. Internally, in the security
subsystem, the accounts are known by a long string of characters called
a SID. The local coxp and domain coxp have different SIDs. Go back and
re-read what I said to do originally, and do it.

the other strange thing
is that if i declare it to be in a workgroup rather than a
domain, i can connect to the network drives etc. but then
only have readonly permissions. to make matters even more
strange, on the xp computer it says that domain admins
have the right to administer my computer. do i have to
grant domain admin rights to every user that has xp in the
domain. dont think we are going to do that. just will go
back to 2000 pro.

This works exactly the same way on Windows 2000 Professional. You don't
have to add all of your users to domain admins. Do what I told you to do
in the first place.

 

[billemery]

i would love to do what you suggested, add the domain
version of coxp (domanin name\coxp) to the users of the xp
computer. i guess im dumb because i cant figure out how to
have both a coxp and a domain name\coxp defined on the
users account of the xp machine.
help me out here

-----Original Message-----

 

[Paul Adare]

microsoft.public.windowsxp.security_admin news group, billemery

i would love to do what you suggested, add the domain
version of coxp (domanin name\coxp) to the users of the xp
computer. i guess im dumb because i cant figure out how to
have both a coxp and a domain name\coxp defined on the
users account of the xp machine.
help me out here

<sigh>

You need to re-read what I said originally. I did not say to add a new
user called coxp from the domain to the XP box, I said to add the coxp
domain account to the local Administrators group. To add users to
groups, try on-line help, it is actually quite good.
When logged in as the local administrator, right click My Computer and
then click Manage. The rest should be fairly obvious.

 

[billemery]

thanx again for your help, i really feel stupid. i
thought that the only users you could add to groups were
those that were defined on the computer.
how stupid of me

-----Original Message-----

 

[Bruce Chambers]

Greetings --

Add your domain account to the local administrators group.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[BILLEMERY]

thanx bruce, that worked. i guess im just a little disapointed that i
had to dig in a news group to configure an xp workstation. i cant
beleive that there arent enough pepople out there connecting xp based
computers to nt domains to make it a hot topic on technet etc. guess
microsoft thinks every business has enough time and money to change
the servers along with the workstations.
boy are they dreaming.