Question about Microsoft Windows Server Standard 2003 for PC

1 Answer

Domain\administrator has no local admin rights

Hello,

I have a w2k3 member server where domain admin has no administrator rights on local computer.

The background:

This server been a domain contoller itself on a separated domain. This task has been removed from the server and the server been connected to the current domain. I can log on, and access the files, but when I try to access for example the event log it is saying acces denied.

I thik it is because the domain admin user has no local admin rights.

I have manualy added that the domain admin is member of the local admin group, but still not works.

Do you have any idea why?

Thanks,

Attila

Posted by on

  • 1 more comment 
  • AttiLanD Jul 25, 2008

    The Local admin has rights, an is there. I have already tried to change the file ownership, and reset local security settings, than rejoin to the domain. The strange things for example in events, that I have access for only security logs as domain\administrator, but not for the others.






    Attila

  • AttiLanD Jul 25, 2008

    Hello,


    Thanks for your answer. I have tried to change the ownership, but sill have access to the security events.


    Loacal admin works, can do anything, but not good for exchange installation :(


    Thanks,


    Attila

  • AttiLanD Jul 25, 2008

    sorry I have missed one word:  So I have access to security events only ad domain admin

×

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    MVP:

    An expert that got 5 achievements.

    Governor:

    An expert whose answer got voted for 20 times.

    Scholar:

    An expert who has written 20 answers of more than 400 characters.

  • Expert
  • 162 Answers

You may need to edit group policy if this was once in a domain. You may want to try rebooting the machine and logging into the 'LOCAL' machine and see if you have rights that way. Each machine by default has one administrator account but if the server was part of a domain, that right may have been removed. You may need to reset OWNER privileges for all files in the machine.

Posted on Jul 25, 2008

  • Gary Luis
    Gary Luis Jul 25, 2008

    According to what you have said here, a domain group policy is in effect even if you log on locally. You need to know what account has access above the admin account. In most settings, when done right, the admin account is limited or disabled to thwart hackers who attack via the admin account as a first strike. You may try logging on as an enterprise admin, or a DOMAIN admin.

    I've noticed that you reset rights then rejoined the domain. Doing so would undo what you just did prior to joining the domain. Try to reset the rights for the local machine without joining the domain and see if you then have access.

    As a DOMAIN admin, you should have those rights if the DOMAIN PDC (Primary Domain Controller) has access throughout, then adding this server to the DOMAIN should propagate the rights down. If you can access the PDC, check the accounts for an enterprise administrator and use that account to access this server.

    If the local admin has all rights, then you need to check to see if the local USERS AND GROUPS have listed the administrator of the domain in the format \\domain name\user. If you see S-1-4-xxx, the accounts are corrupt.

×

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of (from cars to computers, handyman, and even drones).
click here to download the app (for users in the US for now) and get all the help you need.
goodluck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

4 Answers

I have forgotten what my adminstrator domain password is. Is there a way to redo it or retrieve it?


The best and easiest way to reset the local or domain admin password. Reset domain password with Windows Password Rescuer Advanced. By this small software you can easily reset the domain password without lose anything and do not require any tech operation.
Get to the point, now let us see the step-by-step guide to recover domain password with Windows Password Rescuer Advanced. To recover Windows Server 2000/2003/2008 domain administrator/user password, follow four steps below:
Step 1. Download and install Windows Password Rescuer Advanced and use it to burn a Windows password recovery disk with CD/USB..
Step 2. Set the locked computer to boot from CD/DVD-ROM or USB drive.
Step 3. Boot the locked computer from Windows password recovery disk.
Step 4. Reset Windows 2008/2003/2000 local or domain administrator password by a few clicks.
2_13_2012_7_09_23_am.jpg

Jan 24, 2011 | Microsoft Windows XP Home Edition

Tip

Change User Password from Command Prompt


You can change a Windows User Account password that is on any Windows computer from any other Windows computer regardless of whether the User Account is on a workstation, a stand-alone server, or a Windows domain controller. Additionally, it makes no difference whether the password being changed from a workstation, a stand-alone server, or a Windows domain controller. This is true for any NT 4.0, W2K, XP Pro and Windows Server 2003 computer.
To change a user's password at the command prompt, log on as an administrator and type:

net user danielp * /domain
(This is only an example, use your own username)
When you are prompted to type a password for the user, type the new password, not the existing password. After you type the new password, the system prompts you to retype the password to confirm. The password is now changed.
Alternatively, you can type the following command:

net user danielp 123456 /domain
When you do so, the password changes without prompting you again. This command also enables you to change passwords in a batch file.
Note: If you type these commands on a member server or workstation and you don't add the /domain switch, the command will be performed on the local SAM and NOT on the DC SAM.

on Apr 25, 2010 | Microsoft Windows XP Professional SP2

1 Answer

Change local admin password from ADall my members are in domain i want to change all my memmber local admin password from server 2003 which i have it


for this you can use a spcial tool called intelliadmin network administrator in that you have the feature to change local passwords of all clients

Mar 24, 2010 | Microsoft Windows Server 2003 Enterprise...

2 Answers

Our WIN 2003 server is down and has been sent for repairs and only one user can no more log onto the domain while others still can work. The built-in administrator and domain administrator can still logon...


have you got a replacement server or member servers that are doing the other roles whilst the other server is sent off for repairs ?

Are the users logging in locally into the computers or what exactly ?

If the first then create another account in AD for the user to temporarily use ( you can use robocopy utility with the robocopy gui )

robocopy gui here

windows resource kit which includes robocopy here

Then you can copy there data from there existing home area to there new home area ( which will duplicate it for a while ) so that they still have access to there data.

If its a local account they are using then obviously just create another account on the computer they use

Apr 16, 2009 | Microsoft Windows Server Standard 2003 for...

1 Answer

I cant add a pc in domin


If the 2 pc haven't pre-created account in the AD, you should be a member of the domain admin group to add them or have an administrator to give the appropriate right to add workstation to the domain.

Mar 16, 2009 | Microsoft Windows Server Standard 2003 for...

1 Answer

I am unable to login our domain user account.


Hello,

This is usually a computer trust issue, if the computer was previously used to logon to the network and has been rebuilt or had in problems it can have trust issues. First way would be to change the computer name and add the DNS Prefix for your domain. ex desktop.abc.com to desktop1.abc.com. when prompted it is best to use the domain admin or equivalent to make the change and then reboot.

Jan 28, 2009 | Microsoft Windows Server Standard 2003 for...

5 Answers

Windows cannot connect domain either domain controller is down or otherwise unavailable or because your computer was not found


The resolution and workaround to solve the error is as below.
  1. Login to the Windows 2003 domain controller, and delete the computer account object from the Active Directory by using Microsoft Management Console (MMC) which you can always access from “Manage Your Server”.
  2. Log-in to the PC workstation as local administrator. If you cannot logon as local administrator, try to unplug the network cable and logon to the computer by using a domain administrator user that used to logon on the PC before, by using cached logon credentials feature.
  3. Go to Control Panel, then click on System icon, then go to Computer Name tab.
  4. Unjoin the computer from the domain by clicking on “Change”. You should see that Domain button is now selected. Remember your domain name in the text box. Select (Click) on “Workgroup” to remove the computer from the domain, and put any workgroup name in the text box (e.g. workgroup).
  5. Click OK to exit.
  6. Restart the computer (optional)
  7. Go back to the Control Panel, launch System properties and then go to Computer Name tab, and click on “Change”.
  8. Rejoin the domain by uncheck the Workgroup button and select (check) Domain button, and put in the domain name noted above into the text box.
  9. Click OK to exit.
  10. Reboot the PC.
This should solve the unable to logon to domain error, without changing or losing the user profiles on AD.

Dec 18, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

Title


hi,
the difference between workgroup and the domain is
workgroup is a peer to peer network, no centralised administration and security is less.
domain is a client/ server network, administration will be done by domain and is more secure.



ramana
sys admin

Jul 02, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

Problem


When you install a server operating system at that time it will ask you that how many maximum clients you want to attach this server so by default its 10 ,that means you can attach maximum of 10 clients , you can increase or decrease the no of computer you want.

Firstly you have to decide whether to add clients in workgroup mode or Domin mode..in domain mode you have the centralised management on the computer .so select domain level mode .
now to make clients either you can make 5 user in active directory user and computer.
1:Go to Administrative tools > Select Active Directory Users and computers > Select user on the left side > right click on that and select new user > now follow on screen instruction to make a user > now make other 4 user also in the same mannner.Now when you are logged on with local user on the clients select my computer > right click and Select properties > select my computer tab >now click change button to make client work with domain type only domain name for eg if your domain is contoso.com ,> type their only contoso > now a box will appear asking you for administrator and password enter domain controller pc password ,it will ask you to restart > after restart user can login at the client computer...
Or:

just login with local user at client computer Right click my computer > and do the same procedure ,after restarting you can login with your server name administrator and password .
---------------------------------------------------------------------------------------------
If this answers your question please rate this as fixed.
If you need more help just add a comment and I'll be glad to help you further
---------------------------------------THANKS ----------------------------------------

May 07, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

Logging on to server


You need to go into administrative tools and look for group policy.

In the local computer policy
Computer Configuration
Windows Settings > security settings > Local policies > user rights assignment. In the right hand pane find the policy for "Allow log on locally" Set the user accounts for those users which are allowed to log on interactively on the server. Be careful you dont lock the administrator account out.
Use in conjunction with the "Deny logon locally policy" if you need to.
Hope this helps

Mar 22, 2008 | Microsoft Windows Server Standard 2003 for...

Not finding what you are looking for?
Microsoft Windows Server Standard 2003 for PC Logo

3,817 people viewed this question

Ask a Question

Usually answered in minutes!

Top Microsoft Computers & Internet Experts

micky dee

Level 3 Expert

2635 Answers

Les Dickinson
Les Dickinson

Level 3 Expert

18333 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Are you a Microsoft Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...