Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

age old problem: user rights, can't change IP.

Status
Not open for further replies.
DrPink

DrPink

IS-IT--Management
Nov 18, 2007
47
DE
Hi
I'm still puzzled about certain permission in vista. Even though users are local admins, they still can't install a local printer, a program or change the IP settings. How come? Is it because of UAC? Every now and then, my users needs to perform some of these administrative function, but I would hate to turn of UAC.
Is there another way?

Real life needs a mucical score.
------------------------------------
Dr. Pink isn't in today, he's gone insane!
 
Sort by date Sort by votes
This shouldn't be a problem if the users are members of the local administrators group. The only thing that comes to mind is that there might be a GPO interfering with the function of the Windows Secure Desktop. Another possibility that I've seen (and don't know all the reasons or circumstances) is that the UAC/Secure Desktop prompt occassionally ends up minimized to the taskbar where it might not be noticed.

One thing that you could try is to have the users right-click on the task/shortcut/icon and 'run as administrator' to see if that generates the UAC prompt correctly.
 
Upvote 0 Downvote
There are no GPO active, we still run a NT4 domain [blush]. All users are local admins, as I said, but when it prompts for a administrator, I need to log on as domain admin.
We had a case, where a salesperson wanted to connect to a LAN at another location that didn't have DHCP. He couldn't change IP, beacuse it prompted for a administrator login [mad]. So should I give him the domain admin password, I don't think so!
I don't want to disable UAC, but I may have no choice, if these are the conditions ...

Real life needs a mucical score.
------------------------------------
Dr. Pink isn't in today, he's gone insane!
 
Upvote 0 Downvote
Whilst you may not have GPO there you are definitely inheriting policy from something.

Have a look in your netlogon folder on your domain controller, I would hazard a guess that that's where you will see your policy being loaded from.

As long as the users are members of the local administrators group they would be allowed to do anything a non domain member pc can do (like changing IP, adding printers etc), the only thing that would stop that would be policy somewhere from the domain.

As far as giving out the Domain Admin password goes.... NOOOOOOOO. It's the god of all accounts, giving that password out leaves your network wide open. Put it this way, if someone gave out my domain admin password to a member of the sales team... good bye person.

Investigate the domain for the policy, I am willing to bet that you do have something there (we only just migrated to AD so know that policy was being carried out on the old NT4 domain which got migrated to the default domain policy when it was upgraded).

Simon

The real world is not about exam scores, it's about ability.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
1K
guitarzan
guitarzan
Sebastian42
  • Locked
  • Question
Possibly a timing problem
Replies
3
Views
1K
Rick998
Rick998
VicM
  • Locked
  • Question
Problem updating Windows Explorer
Replies
1
Views
861
Nancycaf
Nancycaf
theConjurian
  • Locked
  • Question
No administrator rights after upgrading to Windows 11
Replies
19
Views
3K
goombawaho
goombawaho
Flinx
  • Locked
  • Question
Nero Burning ROM not seeing disk change 2
Replies
3
Views
640
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top