Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

User with Admin rights doesn't have them?

Status
Not open for further replies.
JBruyet

JBruyet

IS-IT--Management
Apr 6, 2001
1,200
0
0
US
I have a user with Win2k Pro on his computer. This user has Administrative rights, but he keeps getting "Access Denied" error messages. The message also says that he needs Administrative privileges and he should login as an Administrator. This user has Admin rights. What am I missing here???

Thanks,

Joe Brouillette
 
Sort by date Sort by votes
Where is he logging on, locally or Domain? If he has admin rights on the domain that does not necessarily give him admin rights locally.
If he is installing a program and it writes to the local registry and he does not have local rights then no install.
It could also be a GP set that applies against them.
 
Upvote 0 Downvote
This user has Admin rights locally, but he is logging on to the network (NT 4.0). Maybe I'll have him logon locally and see if that helps.

Thanks,

Joe Brouillette
 
Upvote 0 Downvote
Joe,

Thanks for writing down my exact problem... I cannot figure this out ... I feel like I'm missing something here too....but I am seeing the exact same thing.

I only have a workgroup of 2 computers networked together, built them both with clean installs, and did basically the same configurations on each. One computer works great, the other one, I've been troubleshooting for weeks.

see thread: thread616-281281 for that problem..

But I've been trying to use Windows updater and I get the following message:

****************************************
Administrators Only


To install items from Windows Update, you must be logged on as an administrator or a member of the Administrators group. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.

Note You can "run as" the local administrator on your computer without having to log off and then log on again:

Click Start, and then click All Programs.
Right-click Windows Update.
Click Run as on the menu that appears.
Do one of the following:
Enter the password for the administrator.
Enter the user name, domain name, and password of a different user account that has administrative permissions on this computer.
*************************************************

---You'll notice that it says click on "All Programs"... well, there isn't an option for that. there is an option for only "Programs". So, I click on programs, but that's just an arrow that you can't right click on...

There's nothing to do with a Domain, just a workgroup... both are windows 2000 pro... After the initial install, I created a second administrators account, which is the one I'm using now... All I did with it was give it administrator privilege. When I login I think I'm logging in as the administrator... But for instance, when I try to login to Tek-Tips, and create a cookie to remember me next time, it always forgets it. I go to Microsoft Support page, they say JAVA and Cookies must be enabled... Looks like everything is already enabled...I try to click windows update, asks me to login with admin priviliges...

I'm in the same boat... Don't know why it's doing it... But I'm thinking about trying a repair instead of a clean install.... due to the fact that in the event viewer there were a lot of protected system files that were being overwritten and replaced again. Not sure if that may have caused a problem.

Thanks,

Steve
 
Upvote 0 Downvote
bellins, to clarify, I assume you have set up 2 different administrator accounts (1 on each pc). Is it both pc's that arent giving you the proper permissions or just 1 of them?

What about the default built-in administrator accounts, theyre busted too?
 
Upvote 0 Downvote
Just an FYI, bellins1:

Sounds like the help screen you're seeing was actually made for XP -- that's where you'd find the "All Programs" item and the Run As options... interesting it shows up on your machine. I assume the error message shows up in your browser window?

 
Upvote 0 Downvote
Sheesh. I was just over at my user's computer and it's working fine now. Nothing else was changed. He's already gone home for the day so I'll catch him tomorrow and see if he did something different. If so I'll post it.

Thanks,

Joe Brouillette
 
Upvote 0 Downvote
Hi Joe,

I was trying to figure it out last night but didn't really get too far. I have a workgroup setup with one client pc and one gateway pc. They both use the same login account. One works on the gateway, but the same account doesn't work on the client. These are local accounts though... I think I was reading something about global accounts/local accounts.

I created a second user, joined him to the admin group, and could still log in fine using the gateway, but not client. Same with the default administrator account-worked great on the gateway, not the client.

I thought for a while, that maybe it's because I'm already logged on the gateway with one administrator account, that I can't use the same admin account on the client, but I don't think that's the problem because I logged in using the secondary account that I created on the gateway computer, and the primary account on the client. But I still get the "Aministrator Only" error.

It might just have some other problems though. Could this not even be a problem with user accounts and just a registry or system file problem instead? One other thing, I remember in the event viewer receiving the error of protected system files being overwritten, such as clockf.ax, etc... they all had .ax as their ending file extention.

Still troubleshooting... Glad to hear yours is working though...

Steve
 
Upvote 0 Downvote
Steve,

If you are using a workgroup you need to setup duplicate accounts on EACH machine in the group. Global and domain accounts only exsist on a domain server and are only accessable by computers attached to that domain.

There are two basic types of user accounts, domain and local.

Domain accounts exist on a domain controler and are effected by the GPOs and permissions that are in that domain. For example, if you have 9 computers and 1 domain controler in a domain called PizzaIsGood and you want to allow user JDoe to login to any of the machines you create 1 account on the Domain Controler (DC) and set his permsissions, restrictions, etc once on the DC.

On the other hand,

Local accounts only exist on a sigle PC. For example if you have 10 PCs in a room that are connected as a workgroup and you want JDoe to be able to login to each PC you have to create 10 user accounts (one on each computer) for JDoe and set his permissions, restrictions, etc 10 times.

You need to create the same account with the same permissions on both PCs before you will be able to login with that user name.

If this doesn't help and you are still having problems let me know.

CJ

- Paper MCSE in training
 
Upvote 0 Downvote
CJ,

That does help. I do have a user account with admin privileges on each machine. I'll tell you what I see, and maybe you can tell me what I'm missing?

control panel>admin tools>comp management>local users and groups>users> Here I have the username bellins1 and the Administrator account. I click on the properties, both are members of the administrators group.

control panel>admin tools>comp management>local users and groups>groups> click on administrators, properties... Both the default administrator and bellins1 usernames are in there as members.

control panel>users and passwords> click on administrators, and below the title "password for administrator" it says "to change the password for Administrator, click set password". click on properties, under the group membership tab with the "other" radio button selected, Administrators group is selected.

click on bellins1, and it won't let you change the password without pressing ctrl-alt-del. click on properties, under the group membership tab with the "other" radio button selected, Administrators group is selected.


one other thing that I keep reading in the event viewer:
"The IP Security policy for ISAKMP/Oakley specified an encryption algorithm that is invalid due to export cryptography restrictions." Does that mean anything to you? Could that be a problem?

Also, what is the difference between "Local Settings" and "Effective Settings" such as under the User Rights Assignment window of the Local Security Settings? Is this the local and domain accounts that you were talking about?

Thanks,

Steve
 
Upvote 0 Downvote
If you want to change the password for bellins1, press CTRL-ALT-DEL while logged in as bellins1 and choose the "Change Password..." option in the Windows Security dialog box. Alternately you can log on as Administrator and go to "Users and Passwords" in the Control Panel and change the password of bellins1. Remember that Administrator is a user and Administrators is a group with administrative privileges.

Good Luck
 
Upvote 0 Downvote
Tpugil,

I understand that, however, I need to know how to give myself administrative rights that allow me to log in to the windows update application.

Possibly, you need global as well as local admin privileges. I'm not sure. But I do know that my other machine has admin priv, and I can log in just fine. However, this machine shows that it has a the default administrator account as well as a second account, both in the administrators group. This should allow me to log in to windows update... I do not know why it won't.

Anyone know?

Thanks,

Steve
 
Upvote 0 Downvote
Hey, it's me again. My user DIDN'T have access to all necessary folders that I thought he did. I checked and he WAS in the Administrators group, but he didn't have the access. I changed the security setup on necessary folders to give him access and now he's up and running at full steam.

Thanks,

Joe Brouillette
 
Upvote 0 Downvote
Well guys,

I went the drastic route, which I think was about my only choice at this point... I deleted all my partitions, formatted the whole thing as one big part, then restarted with the win2k cd, deleted that part, and created the partitions that I wanted during setup...

I logged in ok, renamed the administrator as the username that I wanted, and now have full access... I can use windows update, etc... That was the biggest problem... I don't know what went wrong last time, but I think it was a bad install(maybe something to do with partitions and the boot record), because this time, everything installed in less than 1/2 hour, and it hasn't crashed after 6 hours...(that was a big problem, along with protected system files being overwritten)...

Anyway, I'm going to monitor it for a while and see if all goes well, but so far she's looking good :)

Thanks a LOT for all your help...

And I have to say a cool saying that I saw:

"In a World without walls and fences, who needs Windows and Gates?"

Anyway, Good Luck...............

Steve
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
781
pjw001
pjw001
theConjurian
  • Locked
  • Question
No administrator rights after upgrading to Windows 11
Replies
19
Views
351
goombawaho
goombawaho
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
199
guitarzan
guitarzan
Diane Sandstrom
  • Locked
  • Question
PDF with highlighting
Replies
2
Views
72
Diane Sandstrom
Diane Sandstrom
Marguerite Bourgeois
  • Locked
  • Question
I have a document in which margins
Replies
2
Views
76
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top