Hi,
I will describe my problem:
-I make a new user on the (W2K) server, and place it in the domain admins group for example. The user is now member of 2 group: domain users and domain admins. If the user logs on on a pc (XP) in the domain, he is also local admin on that machine.
-I make 100 global security groups and add them to the membership list of the created user.
-Then the user logs on again (as domain admin) to a machine and strange things happen: the user can still see the security log in event viewer for example, so you might think he is admin, but when he tries to install an application (Adobe InDesign for example), the application says the user is no local adminstrator and doesn't install (and it did install before adding the groups). folder redirection also seems a related issue, as the My Documents folder doesn't point to the defined path anymore.
I added the key in the registry as described in Technet article 263693, but this didn't help (also received the patch from MS, but it won't install because the server is already on SP3).
I'm convinced it has something to do with the Kerberos ticket size so I hope someone can help me with this.
Thanks in advance!
G
I will describe my problem:
-I make a new user on the (W2K) server, and place it in the domain admins group for example. The user is now member of 2 group: domain users and domain admins. If the user logs on on a pc (XP) in the domain, he is also local admin on that machine.
-I make 100 global security groups and add them to the membership list of the created user.
-Then the user logs on again (as domain admin) to a machine and strange things happen: the user can still see the security log in event viewer for example, so you might think he is admin, but when he tries to install an application (Adobe InDesign for example), the application says the user is no local adminstrator and doesn't install (and it did install before adding the groups). folder redirection also seems a related issue, as the My Documents folder doesn't point to the defined path anymore.
I added the key in the registry as described in Technet article 263693, but this didn't help (also received the patch from MS, but it won't install because the server is already on SP3).
I'm convinced it has something to do with the Kerberos ticket size so I hope someone can help me with this.
Thanks in advance!
G