Just a weird situation... can anyone help?

[drunkmestupid]

Okay folks, I have a funky situation here and to be honest I don't really know how to word the problems, but here goes anyway:

SETUP:
1- Windows 2000 Server fully configured with DHCP, DNS, and Active Directory

2-5 Windows 2000 Professional workstations


All user profiles are handled entirely through AD.


PROBLEM: Software acts "weird." LOL. I will list software with the issue associated with it to better explain.

Quicken: No audio; will not register answers to questions it asks you, for example: when putting a check in the register for balancing Quicken will ask you if you want to use it's auto balance feature. You either click Yes or No and there is also a check box for "Don't ask me again." I can check the box and click No and it will still ask me every time I perform that action. There are other boxes that come up for other things and the result is the same.

WinAMP: It will not "remember" any preferences or options set from one session to the next.

PhotoEditor (Comes with Microsoft Office 2000): Tells me there is no file(s) associated with it in the registry and it will not allow any files (pictures) to be opened it it even though in the files and folders options all pic extensions are associated with this program.


All these "problems" happen when logged on as a domain user. If I log on as a domain administrator, there are NO problems. In other words, as an administrator all the software works fine.

It seems to me that there may be some restriction to the user accounts that keep these programs from "retaining" information. Could it be that these programs store some of this info in the registry or program files that these user profiles are restricted from "writing" to?

I am sorry this is not that clear, but these "little" things are becoming quite annoying.


TIA!

 

[jamk555]

Are these applications being run from a shared drive? If they are, check the permissions on the share.

Are the user profiles roaming? If they are, try creating a super user group on the domain and adding a user to it, and see if that user still has the same problem. Also make sure that the local machines have the correct permissions for your domain user group (not the local user group)

How were the applications installed? Do you have any errors in your event viewer - both server side and local?

jamk555

 

[drunkmestupid]

jamk555,

Thanks for the info. Here are responses to your questions. If anyone else has information, please don't hesitate to reply.


The apps are run locally.

How do I create a "Super" or "Power" user group? I am fairly new to AD, but this I cannot find how to do. I have searched the help files and Microsoft's web site, but to no avail... I planned to continue searching tonight, but work is busy and I won't have the time... hehehe.

The applications were installed as a domain administrator on the local machine. I have not checked my event viewer. That too is new to me, can you help there too please?


TIA!

 

[drunkmestupid]

Hi folks,

Maybe this will explain a little better. When I had Win2K Pro on a stand alone machine I had several user profiles setup. On the local machine you have 2 main levels of access: Standard (Power Users Group) and Restricted (Users Group).

The way the users profiles through AD act is as if they are Restricted. In other words, the Domain Users Group seems to equal that of the local Users Group as far as restrictions go.

I need to be able to achieve creating a group through AD that is more like the local Power Users Group.

I say this because it seems as if the local machine has 3 main levels: User, Power User, and Administrator, yet AD seems to only have 2, User and Administrator with no middle ground.

Does this make sense?

What I do know is that when the machine was stand alone with local profiles, the users didn't have the problems they are having now... those like what I originially posted.

Please help!


Thanks.

 

[mackadoddle]

My Techs had a similar problem when setting up a new XP machine and rebooting approx. 6 times. The answer was adding the Active Directory User into the Administrators group on the local machine. After much beating my head against the wall the problem was solved! What a headache ...I had visions of users receiving their new machines only to have their profile eaten after a few re-boot! Try this solution, I think it will work for your problems.

Good luck!

 

[jamk555]

On the Domain Controller create a group policy that assigns a login script that uses the NET LOCALGROUP command.

You can use this command to add a Domain Security Group to the local machine.

In other words:
1. create a security group on the domain level that is your 'super user' group
2. assign group policy to this that gives them all of the permissions on the local machines that you want them to have.
3. enforce this group policy to the users you want to apply it to
4. Add the users that you want to have those permissions to that 'super user' group

remember, domain policy takes precedence.

Let me know if it helps!

jamk555 jamk555

 

[jaeddy]

This may be a mission for Regedt32- I ran in to a similar problem with CD burning software. Open Regedt32 go to HKLM\Software and select one of the problematic programs, then open the security/permissions menu and give the USERS group full access to the software.

I would try this on one machine with one program and see if it solves the problem. If it does, there certainly must be an easy way to push such changes via AD. Anyone?