Equivalent of Putting a Domain User into a Local Administrators Group

[shew01]

I’ve worked for NT Server and Windows 2000 for years, but I am relatively new to Active Directory. What I am hoping to do is get legacy apps (such as Office 97--yeah, I know, that's an old app) to work for a non-privileged user.

In NT 4 parlance (there are probably different terms for it in Active Directory), I’m looking for a way to put a non-privileged Domain User into a Local Administrators group on the client PC (which in this case runs Windows XP).

Any help is appreciated. Thanks!

Jon

 

[Davetoo]

You can do that from the client PC. Just put the domain user into the local Admin group. But, I'd try putting them into the Users first, then Power Users, before putting them into the Admin, if you can help it.

 

[Davetoo]

Sorry, forgot to include how to do that! lol. From the client, go to the Control Panel, then Users and Password, and just follow the instructions from the Add button to add the user from your domain.

 

[shew01]

The server name is HM00, and the client name is HM11. I cannot find a way to add HM00\MyUserName to the machine. Only HM11 is offered as a choice.

 

[Davetoo]

Do you have a domain setup? Can you ping HM00 from the HM11 machine? You should just be able to enter HM00\MyUserName from the HM11 machine.

 

[shew01]

Yes, network connectivity works fine. The login script maps server shares to drive letters without any problem for the Domain Administrator account and the unprivileged user account.

By the way, I used the domain's Administrator account to install the legacy apps. The Domain Administrator account can run the apps fine. As I recall, the Local Administrator account can run the apps fine too. However, the unprivileged user account catches all sorts of grief when attempting to run the apps. (Unable to register OCXs, etc.) If I can find a way to make the unprivileged user into a Local Administrator just on his machine, I think I'll be okay.

This "little journey" started because this is the first Windows XP client PC at the site. All of the other client PCs range between Windows 98 First Edition and Windows ME. Consequently, I have not had any prior security problems on the client PCs.

 

[Davetoo]

Ok, from the client PC, when you go to Start/Settings/Control Panel/Users and Passwords, click Add, then click Browse. Can you browse and see your domain? Click the drop down box to switch from the local system users to see your domain and add the user from there.

 

[shew01]

Hmmm... lander215, it looks like you are on the right track. When I tried your suggestion, I got the following error:

The user could not be added because the following error has occurred: The trust relationship beteen this workstation and the primary domain failed.

With a Windows NT domain, I didn't have to establish a trust relationship between the client PCs and the server. Apparently, Active Directory requires such a trust relationship.

Pardon my ignorance, how can I establish such a trust relationship with Active Directory? Can I do it from the client PC, or do I have to be on the server?

Jon