Question about Microsoft Windows Server Standard 2003 for PC

1 Answer

Domain\administrator has no local admin rights

Hello,

I have a w2k3 member server where domain admin has no administrator rights on local computer.

The background:

This server been a domain contoller itself on a separated domain. This task has been removed from the server and the server been connected to the current domain. I can log on, and access the files, but when I try to access for example the event log it is saying acces denied.

I thik it is because the domain admin user has no local admin rights.

I have manualy added that the domain admin is member of the local admin group, but still not works.

Do you have any idea why?

Thanks,

Attila

Posted by on

  • 1 more comment 
  • AttiLanD Jul 25, 2008

    The Local admin has rights, an is there. I have already tried to change the file ownership, and reset local security settings, than rejoin to the domain. The strange things for example in events, that I have access for only security logs as domain\administrator, but not for the others.






    Attila

  • AttiLanD Jul 25, 2008

    Hello,


    Thanks for your answer. I have tried to change the ownership, but sill have access to the security events.


    Loacal admin works, can do anything, but not good for exchange installation :(


    Thanks,


    Attila

  • AttiLanD Jul 25, 2008

    sorry I have missed one word:  So I have access to security events only ad domain admin

×

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    MVP:

    An expert that got 5 achievements.

    Governor:

    An expert whose answer got voted for 20 times.

    Scholar:

    An expert who has written 20 answers of more than 400 characters.

  • Expert
  • 162 Answers

You may need to edit group policy if this was once in a domain. You may want to try rebooting the machine and logging into the 'LOCAL' machine and see if you have rights that way. Each machine by default has one administrator account but if the server was part of a domain, that right may have been removed. You may need to reset OWNER privileges for all files in the machine.

Posted on Jul 25, 2008

  • Gary Luis
    Gary Luis Jul 25, 2008

    According to what you have said here, a domain group policy is in effect even if you log on locally. You need to know what account has access above the admin account. In most settings, when done right, the admin account is limited or disabled to thwart hackers who attack via the admin account as a first strike. You may try logging on as an enterprise admin, or a DOMAIN admin.

    I've noticed that you reset rights then rejoined the domain. Doing so would undo what you just did prior to joining the domain. Try to reset the rights for the local machine without joining the domain and see if you then have access.

    As a DOMAIN admin, you should have those rights if the DOMAIN PDC (Primary Domain Controller) has access throughout, then adding this server to the DOMAIN should propagate the rights down. If you can access the PDC, check the accounts for an enterprise administrator and use that account to access this server.

    If the local admin has all rights, then you need to check to see if the local USERS AND GROUPS have listed the administrator of the domain in the format \\domain name\user. If you see S-1-4-xxx, the accounts are corrupt.

×

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of (from cars to computers, handyman, and even drones).
click here to download the app (for users in the US for now) and get all the help you need.
goodluck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

We have a KM bizhub 250, and we upgraded our server to a SBS 2008 Server. Now our scanning is not working. What could be the problem?


If this server is also a domain controler that is usually caused by the following setting:
Microsoft Network Server: Digitally Sign Communications (Always), The default setting for domain controllers is enabled, for others is not configured or disabled. This usually causes problems when acessing the share from devices are not cable of Digitally Sign Communications, like some multifunctionals/scanners or linux machines. This does not happen on all machines since some are capable of Digitally Sign Communications. Usually older machines have this issue.
So, try to disable this setting on the server, on the Domain controller security policy and Default Domain Policy.

Administrative Tools
Domain controller security policy
Local Policies
Security options
Microsoft Network Server: Digitally signed communication (always) -> should be changed to DISABLE
Execute Gpupdate /force or reboot the server to apply the policy change

You will not be able to change this setting trough gpedit , local computer policy since it is overrided by the Domain security policy.

On server 2008 one way to get there is the following:
Administrative Tools
Server Manager
Features
Group Policy Manager
Forest: ...
Default Domain Policy
Computer configuration
Policies
Windows Settings
Security Settings
Local Policies
Security Options
Microsoft Network Server: Digitally Sign Communications (Always)
- Define This Policy
- Disabled

Execute Gpupdate /force or reboot to apply policy

Trough gpedit you will be able to see the option but not change it, so I suggest that after the change you cannot scan to the folder check trough gpedit if it is disabled.
If it is not disabled, disable it at the top of the hierarchy. Something may be overriding the setting.

If it still does not work try the following, togheter with the previous setting
Domain member: Digitally encrypt or sign secure channel data (always) -> disabled

Dont forget to execute Gpupdate /force or reboot to apply policy each time you change something.

Also

are you scanning to the server using \\server_ip_address\shared_folder or \\server_name\shared_folder?
Just wondering about name resolution.
Is the domain field configured in the machine? if not you might have to specify the user for authentication like for example: user@domain.local

Dec 23, 2010 | Konica Minolta bizhub C250 All-In-One...

Tip

Reset Password Windows Server 2008, 2008R2


As the popular use of Windows Server 2008, large amount of trivial things come up with us each minute, the occasion that we reset password Windows Server 2008 becomes also common. Therefore, Windows Server 2008 password reset is the necessary technique for us now!


Windows Server 2008 is one of Microsoft Windows Server serials of operating systems. Besides Windows 7, Windows Server 2008 is the latest and more secured versions from Microsoft. Windows Server 2008 has newly added many new functional features included that system administrators of small and large companies will enjoy.


Most of us use Windows 2008 Server as a workstation. That means a group of computers and devices on a network that are controlled as a unit with common rules and procedures. And the host manages these computers through its admin account and password.


If you forgot windows server 2008 password of local admin, I think it is easy for you to recover the password. But what if you forgot windows domain password? Things will get trickier and all of the computers in the domain paralyze. These passwords also called AD password. Before solving your password problem, you need to know what Active Directory Domain Controller is.


What is Active Directory Domain Controller?
A domain controller is a server that is running a version of the Windows Server operating system and has Active Directory Domain Services installed.


When you install Windows Server on a computer, you can choose to configure a specific server role for that computer. When you want to create a new forest, a new domain, or an additional domain controller in an existing domain, you configure the server with the role of domain controller by installing Active Directory Domain Controller(AD DC).


There are differences between Domain and local. A Windows Server domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database. A user may be granted access to a number of computer resources with the use of a single username and password combination.


A Domain Controller allows password authentication throughout a network. What this means is that your password is checked on the central server no matter which machine you log in from. A Domain Controller can also control access to files and directories which can be setup so users have access to all their files no matter which machine they log in from. This also makes adding and removing users among other things much easier as all that is required is a change on the Domain Controller itself rather than every machine on a network.


If you need reset domain administrator password (also called AD password), it will be a tricky thing. However, Ainorsoft Windows Password Recovery can allow you to reset password Windows Server 2008 domain.


Steps for Windows Server 2008 password reset domain:
Step1. Google Windows Password Recovery Corporation, download and install in any available computer.
Step2. Create a bootable CD/DVD or USB flash drive. (A blank CD/DVD/USB Flash Drive is needed)
Step3. BIOS set. Boot computer from the created CD/DVD/USB Flash Drive and set BIOS setup.
Step4. Reset Windows server 2008 or 2008R2 password to Re123456.

on Jan 10, 2011 | Computers & Internet

Tip

How to reset Windows Server 2008 domain password


Windows Server 2008 is one of Microsoft Windows' server line of operating systems. Besides Windows 7.Windows Server 2008 are the latest and more secured versions from Microsoft. Windows Server 2008 has many new features included that system administrators of small and large companies will enjoy. <br /> <br /> Many use Windows 2008 server as a workstation.That means A group of computers and devices on a network that are administered as a unit with common rules and procedures.And the host computer manage these computers through its admin account and password.<br /> <br /> If you have lost windows 2008 server local admin password, I think it is easy for you to recover the password.But what if you have lost windows domain password? Things will get more tricky and all of the computers in the domain paralyze.These passwords also called AD password.Before solving your password problem, you need to know what is Active Directory Domain Controller.<br /> <br /> <b>What is Active Directory Domain Controller?</b><br /> <br />A domain controller is a server that is running a version of the Windows Server operating system and has Active Directory Domain Services installed.<br /> <br /> When you install Windows Server on a computer, you can choose to configure a specific server role for that computer. When you want to create a new forest, a new domain, or an additional domain controller in an existing domain, you configure the server with the role of domain controller by installing Active Directory Domain Controller (AD DS).<br /> <br /> There is the diffence bettwen Domain and local. A Windows Server domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database. A user may be granted access to a number of computer resources with the use of a single username and password combination.<br /> <br /> A Domain Controller allows password authentication throughout a network. What this means is that your password is checked on the central server no matter which machine you log in from. A Domain Controller can also control access to files and directories which can be setup so users have access to all their files no matter which machine they log in from. This also makes adding and removing users among other things much easier as all that is required is a change on the Domain Controller itself rather than every machine on a network.<br /> <br />If you have lost this domain administrator password (also called AD password), it will be a tricky thing.However, Windows Password Key Enterprise can allow you to reset domain administrator password.<br /> Here is the steps to reset Windows server domain password<br /> <br /> Step 1: Download and install Windows Password Key Enterprise in any available computer.<br /> <img src="shalakate.jpg" /> Step 2: Run the software and insert a blank CD or USB Flash Drive to computer.<br /> Step 3: Select Domain Administrator and choose CD/DVD or USB Flash Drive<br /> Step 4: Click Burn to begin bootable disk creation.<br /> Step 5: Insert the newly created CD/USB Flash Drive to your locked computer , but remember you need to set the bios setup , make sure the computer to boot from CD or USB.<br />If you don't know how to set BIOS, take a look this tutorial.<br /> <a href="http://www.lostwindowspassword.com/how_it_works/bios_setting_for_cd.htm">http://www.lostwindowspassword.com/how_it_works/bios_setting_for_cd.htm</a><br /> <br />Step 6: And then you can recover your Domain admin password<br /> <br />Now you can log on your domain admin account and reset a new password.<br />Note: This can also work in Windows Server 2000,2003 <br /> cc

on Nov 29, 2010 | Computers & Internet

1 Answer

Change local admin password from ADall my members are in domain i want to change all my memmber local admin password from server 2003 which i have it


for this you can use a spcial tool called intelliadmin network administrator in that you have the feature to change local passwords of all clients

Mar 24, 2010 | Microsoft Windows Server 2003 Enterprise...

1 Answer

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible...


When you "logon" to your local network, your computer is configured to fetch your "desktop" (My Documents and wallpaper and everything else) from a "server" computer on your network.

Was your "logon" to the local "domain-server" a successful login?
Does your local Network Administrator indicate that the "domain-server" is functioning properly?
Does that server's log-file show any error-messages, such as "not allowed to login between 10 PM and 6 AM" (a "security" setting on the server).

Since your "desktop" could not be loaded from the domain-server,
your computer has used a "local" copy of your "desktop",
and it is warning you that any changes will *NOT* be "merged" back to your "network" profile.

Have you contacted you local Network Administrator? What did she say?

May 25, 2009 | D-Link Computers & Internet

1 Answer

I cant add a pc in domin


If the 2 pc haven't pre-created account in the AD, you should be a member of the domain admin group to add them or have an administrator to give the appropriate right to add workstation to the domain.

Mar 16, 2009 | Microsoft Windows Server Standard 2003 for...

2 Answers

Password domain problem. How do I fix this


The best and easiest way to reset the local or domain admin password. Reset domain password with Windows Password Rescuer Advanced. By this small software you can easily reset the domain password without lose anything and do not require any tech operation.
Get to the point, now let us see the step-by-step guide to recover domain password with Windows Password Rescuer Advanced. To recover Windows Server 2000/2003/2008 domain administrator/user password, follow four steps below:
Step 1. Download and install Windows Password Rescuer Advanced and use it to burn a Windows password recovery disk with CD/USB..
Step 2. Set the locked computer to boot from CD/DVD-ROM or USB drive.
Step 3. Boot the locked computer from Windows password recovery disk.
Step 4. Reset Windows 2008/2003/2000 local or domain administrator password by a few clicks.
2_13_2012_7_09_23_am.jpg

Mar 02, 2009 | Computers & Internet

5 Answers

Windows cannot connect domain either domain controller is down or otherwise unavailable or because your computer was not found


The resolution and workaround to solve the error is as below.
  1. Login to the Windows 2003 domain controller, and delete the computer account object from the Active Directory by using Microsoft Management Console (MMC) which you can always access from “Manage Your Server”.
  2. Log-in to the PC workstation as local administrator. If you cannot logon as local administrator, try to unplug the network cable and logon to the computer by using a domain administrator user that used to logon on the PC before, by using cached logon credentials feature.
  3. Go to Control Panel, then click on System icon, then go to Computer Name tab.
  4. Unjoin the computer from the domain by clicking on “Change”. You should see that Domain button is now selected. Remember your domain name in the text box. Select (Click) on “Workgroup” to remove the computer from the domain, and put any workgroup name in the text box (e.g. workgroup).
  5. Click OK to exit.
  6. Restart the computer (optional)
  7. Go back to the Control Panel, launch System properties and then go to Computer Name tab, and click on “Change”.
  8. Rejoin the domain by uncheck the Workgroup button and select (check) Domain button, and put in the domain name noted above into the text box.
  9. Click OK to exit.
  10. Reboot the PC.
This should solve the unable to logon to domain error, without changing or losing the user profiles on AD.

Dec 18, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

Pixma ip 5200 r -> CD Labeler Problem


After long research .... I found out that the pixma is indeed a network printer ;) .... BUT it has a printserver already build in!!!! Having 2 Servers is obviously not too good of an idea ;) ....still wonders me as to why it did work in the 1st place ..... (i guess there was something wrong with the w2k3 print server *muhaahha)

May 07, 2008 | Canon PIXMA iP5200R InkJet Photo Printer

1 Answer

Logging on to server


You need to go into administrative tools and look for group policy.

In the local computer policy
Computer Configuration
Windows Settings > security settings > Local policies > user rights assignment. In the right hand pane find the policy for "Allow log on locally" Set the user accounts for those users which are allowed to log on interactively on the server. Be careful you dont lock the administrator account out.
Use in conjunction with the "Deny logon locally policy" if you need to.
Hope this helps

Mar 22, 2008 | Microsoft Windows Server Standard 2003 for...

Not finding what you are looking for?
Microsoft Windows Server Standard 2003 for PC Logo

3,818 people viewed this question

Ask a Question

Usually answered in minutes!

Top Microsoft Computers & Internet Experts

micky dee

Level 3 Expert

2644 Answers

Les Dickinson
Les Dickinson

Level 3 Expert

18381 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Are you a Microsoft Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...