|
View Full Version : Membership of user in Active Directory
Hi,
I am asking this question in this forum partly it is
active directory related and security related. Hope I am
in the correct forum. Otherwise pls advise.
I installed Norton Antivirus on my local workstation, I
can only do so when I log in as administrator. Well fine.
After installation, I login to the DOMAIN with my own
username.
While trying to run live update (Norton Antivirus) on this
workstation, I was unable to do so due to I was
assigned "domain user" in active directory.
But when I was assigned "Domain Admin" or any other
administrators rights in the active directory, I was able
to perform liveupdate sucessfully.
Also, if I login as Administrator locally, I am able to do
so as well.
My question is wouldn't it be cumbersome for someone to
login as administrator locally to perform liveupdate then
login back to his/her own profile ?
Also, doesn't it defeats the purpose of security whereby
one needs to be assigned "administrator" rights or login
locally as administrator to just perform a liveupdate ?
BTW, I did try to add myself (domain user) in the security
properties and set to full control and propagate
throughout the entire drive C:, but still it does not help.
Also, I am unable to add myself(domain user) as a member
of the local computer administrator.
Can anyone please advise on this as I have been searching
the answer for months on this until I finally post this
here.
Thanks very much.. :(
|
This has nothing to do with Active Directory. Your problem relates to the Norton Antivirus software. Can you not schedule Live-Updates while logged on as Administrator? "Alvyn" wrote in message
news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
> Hi,
>
> I am asking this question in this forum partly it is
> active directory related and security related. Hope I am
> in the correct forum. Otherwise pls advise.
>
> I installed Norton Antivirus on my local workstation, I
> can only do so when I log in as administrator. Well fine.
>
> After installation, I login to the DOMAIN with my own
> username.
> While trying to run live update (Norton Antivirus) on this
> workstation, I was unable to do so due to I was
> assigned "domain user" in active directory.
>
> But when I was assigned "Domain Admin" or any other
> administrators rights in the active directory, I was able
> to perform liveupdate sucessfully.
> Also, if I login as Administrator locally, I am able to do
> so as well.
>
> My question is wouldn't it be cumbersome for someone to
> login as administrator locally to perform liveupdate then
> login back to his/her own profile ?
>
> Also, doesn't it defeats the purpose of security whereby
> one needs to be assigned "administrator" rights or login
> locally as administrator to just perform a liveupdate ?
>
> BTW, I did try to add myself (domain user) in the security
> properties and set to full control and propagate
> throughout the entire drive C:, but still it does not help.
>
> Also, I am unable to add myself(domain user) as a member
> of the local computer administrator.
>
> Can anyone please advise on this as I have been searching
> the answer for months on this until I finally post this
> here.
>
> Thanks very much.. :(
|
Hi sir, I did not schedule any liveupdate, rather I did manual liveupdate be it login as administrator or user. I just want to know whether is there anyway where I can assigned admininstrator rights of the local machine to a domain user in the active directory. FYI, I got the domain name "grey out" in the "Look in" dialogue box while trying to assign membership to the user. Thanks >-----Original Message----- >This has nothing to do with Active Directory. Your problem relates to the >Norton Antivirus software. > >Can you not schedule Live-Updates while logged on as Administrator? > > >"Alvyn" wrote in
message
>news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
>> Hi,
>>
>> I am asking this question in this forum partly it is
>> active directory related and security related. Hope I am
>> in the correct forum. Otherwise pls advise.
>>
>> I installed Norton Antivirus on my local workstation, I
>> can only do so when I log in as administrator. Well
fine.
>>
>> After installation, I login to the DOMAIN with my own
>> username.
>> While trying to run live update (Norton Antivirus) on
this
>> workstation, I was unable to do so due to I was
>> assigned "domain user" in active directory.
>>
>> But when I was assigned "Domain Admin" or any other
>> administrators rights in the active directory, I was
able
>> to perform liveupdate sucessfully.
>> Also, if I login as Administrator locally, I am able to
do
>> so as well.
>>
>> My question is wouldn't it be cumbersome for someone to
>> login as administrator locally to perform liveupdate
then
>> login back to his/her own profile ?
>>
>> Also, doesn't it defeats the purpose of security whereby
>> one needs to be assigned "administrator" rights or login
>> locally as administrator to just perform a liveupdate ?
>>
>> BTW, I did try to add myself (domain user) in the
security
>> properties and set to full control and propagate
>> throughout the entire drive C:, but still it does not
help.
>>
>> Also, I am unable to add myself(domain user) as a member
>> of the local computer administrator.
>>
>> Can anyone please advise on this as I have been
searching
>> the answer for months on this until I finally post this
>> here.
>>
>> Thanks very much.. :(
>
>
>.
>
|
Sure you can... On the workstation in question you can do net localgroup administrators yourdomain\youruser /add You can also use a freeware tool from [url]www.joeware.net[/url] called lg to do it.... lg \\machinename\administrators yourdomain\youruser /add Finally you could do it through group policies in the domain but that could get a little involved depending on exactly who you want added to the administrators group. It generally isn't good to try and do one off administration of workstations through AD, it is for doing administration of large groups of machines. joe -- Joe Richards Microsoft MVP Windows Server Directory Services [url]www.joeware.net[/url] [email]anonymous@discussions.microsoft.com[/email] wrote:[color=blue] > Hi sir, > > I did not schedule any liveupdate, rather I did manual > liveupdate be it login as administrator or user. > > I just want to know whether is there anyway where I can > assigned admininstrator rights of the local machine to a > domain user in the active directory. > > FYI, I got the domain name "grey out" in the "Look in" > dialogue box while trying to assign membership to the user. > > Thanks > > >[color=green] >>-----Original Message----- >>This has nothing to do with Active Directory. Your[/color] > > problem relates to the >[color=green] >>Norton Antivirus software. >> >>Can you not schedule Live-Updates while logged on as[/color] > > Administrator? >[color=green] >> >>"Alvyn" wrote in[/color]
>
> message
>[color=green]
>>news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
>>[color=darkred]
>>>Hi,
>>>
>>>I am asking this question in this forum partly it is
>>>active directory related and security related. Hope I am
>>>in the correct forum. Otherwise pls advise.
>>>
>>>I installed Norton Antivirus on my local workstation, I
>>>can only do so when I log in as administrator. Well[/color][/color]
>
> fine.
>[color=green][color=darkred]
>>>After installation, I login to the DOMAIN with my own
>>>username.
>>>While trying to run live update (Norton Antivirus) on[/color][/color]
>
> this
>[color=green][color=darkred]
>>>workstation, I was unable to do so due to I was
>>>assigned "domain user" in active directory.
>>>
>>>But when I was assigned "Domain Admin" or any other
>>>administrators rights in the active directory, I was[/color][/color]
>
> able
>[color=green][color=darkred]
>>>to perform liveupdate sucessfully.
>>>Also, if I login as Administrator locally, I am able to[/color][/color]
>
> do
>[color=green][color=darkred]
>>>so as well.
>>>
>>>My question is wouldn't it be cumbersome for someone to
>>>login as administrator locally to perform liveupdate[/color][/color]
>
> then
>[color=green][color=darkred]
>>>login back to his/her own profile ?
>>>
>>>Also, doesn't it defeats the purpose of security whereby
>>>one needs to be assigned "administrator" rights or login
>>>locally as administrator to just perform a liveupdate ?
>>>
>>>BTW, I did try to add myself (domain user) in the[/color][/color]
>
> security
>[color=green][color=darkred]
>>>properties and set to full control and propagate
>>>throughout the entire drive C:, but still it does not[/color][/color]
>
> help.
>[color=green][color=darkred]
>>>Also, I am unable to add myself(domain user) as a member
>>>of the local computer administrator.
>>>
>>>Can anyone please advise on this as I have been[/color][/color]
>
> searching
>[color=green][color=darkred]
>>>the answer for months on this until I finally post this
>>>here.
>>>
>>>Thanks very much.. :([/color]
>>
>>
>>.
>>[/color][/color]
|
Log in as local administrator, From command prompt, type NET LOCALGROUP ADMINISTRATORS /ADD "NT AUTHORITY\INTERACTIVE" This way whoever logs on at the computer will have local admin rights.. wrote in message
news:dc2901c43b48$16eafec0$a301280a@phx.gbl...[color=blue]
> Hi sir,
>
> I did not schedule any liveupdate, rather I did manual
> liveupdate be it login as administrator or user.
>
> I just want to know whether is there anyway where I can
> assigned admininstrator rights of the local machine to a
> domain user in the active directory.
>
> FYI, I got the domain name "grey out" in the "Look in"
> dialogue box while trying to assign membership to the user.
>
> Thanks
>
>[color=green]
> >-----Original Message-----
> >This has nothing to do with Active Directory. Your[/color]
> problem relates to the[color=green]
> >Norton Antivirus software.
> >
> >Can you not schedule Live-Updates while logged on as[/color]
> Administrator?[color=green]
> >
> >
> >"Alvyn" wrote in[/color]
> message[color=green]
> >news:d92301c43b2d$45b5b580$a401280a@phx.gbl...[color=darkred]
> >> Hi,
> >>
> >> I am asking this question in this forum partly it is
> >> active directory related and security related. Hope I am
> >> in the correct forum. Otherwise pls advise.
> >>
> >> I installed Norton Antivirus on my local workstation, I
> >> can only do so when I log in as administrator. Well[/color][/color]
> fine.[color=green][color=darkred]
> >>
> >> After installation, I login to the DOMAIN with my own
> >> username.
> >> While trying to run live update (Norton Antivirus) on[/color][/color]
> this[color=green][color=darkred]
> >> workstation, I was unable to do so due to I was
> >> assigned "domain user" in active directory.
> >>
> >> But when I was assigned "Domain Admin" or any other
> >> administrators rights in the active directory, I was[/color][/color]
> able[color=green][color=darkred]
> >> to perform liveupdate sucessfully.
> >> Also, if I login as Administrator locally, I am able to[/color][/color]
> do[color=green][color=darkred]
> >> so as well.
> >>
> >> My question is wouldn't it be cumbersome for someone to
> >> login as administrator locally to perform liveupdate[/color][/color]
> then[color=green][color=darkred]
> >> login back to his/her own profile ?
> >>
> >> Also, doesn't it defeats the purpose of security whereby
> >> one needs to be assigned "administrator" rights or login
> >> locally as administrator to just perform a liveupdate ?
> >>
> >> BTW, I did try to add myself (domain user) in the[/color][/color]
> security[color=green][color=darkred]
> >> properties and set to full control and propagate
> >> throughout the entire drive C:, but still it does not[/color][/color]
> help.[color=green][color=darkred]
> >>
> >> Also, I am unable to add myself(domain user) as a member
> >> of the local computer administrator.
> >>
> >> Can anyone please advise on this as I have been[/color][/color]
> searching[color=green][color=darkred]
> >> the answer for months on this until I finally post this
> >> here.
> >>
> >> Thanks very much.. :([/color]
> >
> >
> >.
> >[/color][/color]
|
Hi Mr Joe Richards Thanks very much for the info. Just curious, you mean within AD itself we cannot assign local machine admin rights to domain users ? Regards :) [color=blue] >-----Original Message----- >Sure you can... > >On the workstation in question you can do > >net localgroup administrators yourdomain\youruser /add > >You can also use a freeware tool from [url]www.joeware.net[/url][/color] called lg to do it....[color=blue] > >lg \\machinename\administrators yourdomain\youruser /add > > >Finally you could do it through group policies in the[/color] domain but that could get[color=blue] >a little involved depending on exactly who you want added[/color] to the administrators[color=blue] >group. It generally isn't good to try and do one off[/color] administration of[color=blue] >workstations through AD, it is for doing administration[/color] of large groups of machines.[color=blue] > > joe > > >-- >Joe Richards Microsoft MVP Windows Server Directory[/color] Services[color=blue] >[url]www.joeware.net[/url] > > > >anonymous@discussions.microsoft.com wrote:[color=green] >> Hi sir, >> >> I did not schedule any liveupdate, rather I did manual >> liveupdate be it login as administrator or user. >> >> I just want to know whether is there anyway where I can >> assigned admininstrator rights of the local machine to[/color][/color] a[color=blue][color=green] >> domain user in the active directory. >> >> FYI, I got the domain name "grey out" in the "Look in" >> dialogue box while trying to assign membership to the[/color][/color] user.[color=blue][color=green] >> >> Thanks >> >> >>[color=darkred] >>>-----Original Message----- >>>This has nothing to do with Active Directory. Your[/color] >> >> problem relates to the >>[color=darkred] >>>Norton Antivirus software. >>> >>>Can you not schedule Live-Updates while logged on as[/color] >> >> Administrator? >>[color=darkred] >>> >>>"Alvyn" wrote in[/color]
>>
>> message
>>[color=darkred]
>>>news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
>>>
>>>>Hi,
>>>>
>>>>I am asking this question in this forum partly it is
>>>>active directory related and security related. Hope I[/color][/color][/color]
am[color=blue][color=green][color=darkred]
>>>>in the correct forum. Otherwise pls advise.
>>>>
>>>>I installed Norton Antivirus on my local workstation, I
>>>>can only do so when I log in as administrator. Well[/color]
>>
>> fine.
>>[color=darkred]
>>>>After installation, I login to the DOMAIN with my own
>>>>username.
>>>>While trying to run live update (Norton Antivirus) on[/color]
>>
>> this
>>[color=darkred]
>>>>workstation, I was unable to do so due to I was
>>>>assigned "domain user" in active directory.
>>>>
>>>>But when I was assigned "Domain Admin" or any other
>>>>administrators rights in the active directory, I was[/color]
>>
>> able
>>[color=darkred]
>>>>to perform liveupdate sucessfully.
>>>>Also, if I login as Administrator locally, I am able[/color][/color][/color]
to[color=blue][color=green]
>>
>> do
>>[color=darkred]
>>>>so as well.
>>>>
>>>>My question is wouldn't it be cumbersome for someone to
>>>>login as administrator locally to perform liveupdate[/color]
>>
>> then
>>[color=darkred]
>>>>login back to his/her own profile ?
>>>>
>>>>Also, doesn't it defeats the purpose of security[/color][/color][/color]
whereby[color=blue][color=green][color=darkred]
>>>>one needs to be assigned "administrator" rights or[/color][/color][/color]
login[color=blue][color=green][color=darkred]
>>>>locally as administrator to just perform a liveupdate ?
>>>>
>>>>BTW, I did try to add myself (domain user) in the[/color]
>>
>> security
>>[color=darkred]
>>>>properties and set to full control and propagate
>>>>throughout the entire drive C:, but still it does not[/color]
>>
>> help.
>>[color=darkred]
>>>>Also, I am unable to add myself(domain user) as a[/color][/color][/color]
member[color=blue][color=green][color=darkred]
>>>>of the local computer administrator.
>>>>
>>>>Can anyone please advise on this as I have been[/color]
>>
>> searching
>>[color=darkred]
>>>>the answer for months on this until I finally post this
>>>>here.
>>>>
>>>>Thanks very much.. :(
>>>
>>>
>>>.
>>>[/color][/color]
>.
>[/color]
|
Hi Mr Jack Hawkins Thank you very much for the info. Just curious, does it mean that it can only be done via CLI ? and not AD itself ? Regards :) [color=blue] >-----Original Message----- >Log in as local administrator, > >From command prompt, type > >NET LOCALGROUP ADMINISTRATORS /ADD "NT[/color] AUTHORITY\INTERACTIVE"[color=blue] > >This way whoever logs on at the computer will have local[/color] admin rights..[color=blue] > > > > wrote in message
>news:dc2901c43b48$16eafec0$a301280a@phx.gbl...[color=green]
>> Hi sir,
>>
>> I did not schedule any liveupdate, rather I did manual
>> liveupdate be it login as administrator or user.
>>
>> I just want to know whether is there anyway where I can
>> assigned admininstrator rights of the local machine to a
>> domain user in the active directory.
>>
>> FYI, I got the domain name "grey out" in the "Look in"
>> dialogue box while trying to assign membership to the[/color][/color]
user.[color=blue][color=green]
>>
>> Thanks
>>
>>[color=darkred]
>> >-----Original Message-----
>> >This has nothing to do with Active Directory. Your[/color]
>> problem relates to the[color=darkred]
>> >Norton Antivirus software.
>> >
>> >Can you not schedule Live-Updates while logged on as[/color]
>> Administrator?[color=darkred]
>> >
>> >
>> >"Alvyn" wrote in[/color]
>> message[color=darkred]
>> >news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
>> >> Hi,
>> >>
>> >> I am asking this question in this forum partly it is
>> >> active directory related and security related. Hope[/color][/color][/color]
I am[color=blue][color=green][color=darkred]
>> >> in the correct forum. Otherwise pls advise.
>> >>
>> >> I installed Norton Antivirus on my local[/color][/color][/color]
workstation, I[color=blue][color=green][color=darkred]
>> >> can only do so when I log in as administrator. Well[/color]
>> fine.[color=darkred]
>> >>
>> >> After installation, I login to the DOMAIN with my own
>> >> username.
>> >> While trying to run live update (Norton Antivirus) on[/color]
>> this[color=darkred]
>> >> workstation, I was unable to do so due to I was
>> >> assigned "domain user" in active directory.
>> >>
>> >> But when I was assigned "Domain Admin" or any other
>> >> administrators rights in the active directory, I was[/color]
>> able[color=darkred]
>> >> to perform liveupdate sucessfully.
>> >> Also, if I login as Administrator locally, I am able[/color][/color][/color]
to[color=blue][color=green]
>> do[color=darkred]
>> >> so as well.
>> >>
>> >> My question is wouldn't it be cumbersome for someone[/color][/color][/color]
to[color=blue][color=green][color=darkred]
>> >> login as administrator locally to perform liveupdate[/color]
>> then[color=darkred]
>> >> login back to his/her own profile ?
>> >>
>> >> Also, doesn't it defeats the purpose of security[/color][/color][/color]
whereby[color=blue][color=green][color=darkred]
>> >> one needs to be assigned "administrator" rights or[/color][/color][/color]
login[color=blue][color=green][color=darkred]
>> >> locally as administrator to just perform a[/color][/color][/color]
liveupdate ?[color=blue][color=green][color=darkred]
>> >>
>> >> BTW, I did try to add myself (domain user) in the[/color]
>> security[color=darkred]
>> >> properties and set to full control and propagate
>> >> throughout the entire drive C:, but still it does not[/color]
>> help.[color=darkred]
>> >>
>> >> Also, I am unable to add myself(domain user) as a[/color][/color][/color]
member[color=blue][color=green][color=darkred]
>> >> of the local computer administrator.
>> >>
>> >> Can anyone please advise on this as I have been[/color]
>> searching[color=darkred]
>> >> the answer for months on this until I finally post[/color][/color][/color]
this[color=blue][color=green][color=darkred]
>> >> here.
>> >>
>> >> Thanks very much.. :(
>> >
>> >
>> >.
>> >[/color][/color]
>
>
>.
>[/color]
|
No, you can do this via restriced groups in group policy, alternatively you could add the user to the Administrators group in the Builtin container in Users & Computers snapin. by default the Domain Admins group will be in the Local Administrators group of a computer which is a member of the domain. By giving users administrator rights to their computers, you will end up causing more headaches for yourself when they start installing their own software and changing system settings. You'd be better off configuring Norton Antivirus to schedule live updates every day. "Alvyn" wrote in message
news:dc7501c43b57$f22326c0$a301280a@phx.gbl...[color=blue]
> Hi Mr Jack Hawkins
>
> Thank you very much for the info.
>
> Just curious, does it mean that it can only be done via
> CLI ? and not AD itself ?
>
> Regards :)
>
>[color=green]
> >-----Original Message-----
> >Log in as local administrator,
> >
> >From command prompt, type
> >
> >NET LOCALGROUP ADMINISTRATORS /ADD "NT[/color]
> AUTHORITY\INTERACTIVE"[color=green]
> >
> >This way whoever logs on at the computer will have local[/color]
> admin rights..[color=green]
> >
> >
> >
> > wrote in message
> >news:dc2901c43b48$16eafec0$a301280a@phx.gbl...[color=darkred]
> >> Hi sir,
> >>
> >> I did not schedule any liveupdate, rather I did manual
> >> liveupdate be it login as administrator or user.
> >>
> >> I just want to know whether is there anyway where I can
> >> assigned admininstrator rights of the local machine to a
> >> domain user in the active directory.
> >>
> >> FYI, I got the domain name "grey out" in the "Look in"
> >> dialogue box while trying to assign membership to the[/color][/color]
> user.[color=green][color=darkred]
> >>
> >> Thanks
> >>
> >>
> >> >-----Original Message-----
> >> >This has nothing to do with Active Directory. Your
> >> problem relates to the
> >> >Norton Antivirus software.
> >> >
> >> >Can you not schedule Live-Updates while logged on as
> >> Administrator?
> >> >
> >> >
> >> >"Alvyn" wrote in
> >> message
> >> >news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
> >> >> Hi,
> >> >>
> >> >> I am asking this question in this forum partly it is
> >> >> active directory related and security related. Hope[/color][/color]
> I am[color=green][color=darkred]
> >> >> in the correct forum. Otherwise pls advise.
> >> >>
> >> >> I installed Norton Antivirus on my local[/color][/color]
> workstation, I[color=green][color=darkred]
> >> >> can only do so when I log in as administrator. Well
> >> fine.
> >> >>
> >> >> After installation, I login to the DOMAIN with my own
> >> >> username.
> >> >> While trying to run live update (Norton Antivirus) on
> >> this
> >> >> workstation, I was unable to do so due to I was
> >> >> assigned "domain user" in active directory.
> >> >>
> >> >> But when I was assigned "Domain Admin" or any other
> >> >> administrators rights in the active directory, I was
> >> able
> >> >> to perform liveupdate sucessfully.
> >> >> Also, if I login as Administrator locally, I am able[/color][/color]
> to[color=green][color=darkred]
> >> do
> >> >> so as well.
> >> >>
> >> >> My question is wouldn't it be cumbersome for someone[/color][/color]
> to[color=green][color=darkred]
> >> >> login as administrator locally to perform liveupdate
> >> then
> >> >> login back to his/her own profile ?
> >> >>
> >> >> Also, doesn't it defeats the purpose of security[/color][/color]
> whereby[color=green][color=darkred]
> >> >> one needs to be assigned "administrator" rights or[/color][/color]
> login[color=green][color=darkred]
> >> >> locally as administrator to just perform a[/color][/color]
> liveupdate ?[color=green][color=darkred]
> >> >>
> >> >> BTW, I did try to add myself (domain user) in the
> >> security
> >> >> properties and set to full control and propagate
> >> >> throughout the entire drive C:, but still it does not
> >> help.
> >> >>
> >> >> Also, I am unable to add myself(domain user) as a[/color][/color]
> member[color=green][color=darkred]
> >> >> of the local computer administrator.
> >> >>
> >> >> Can anyone please advise on this as I have been
> >> searching
> >> >> the answer for months on this until I finally post[/color][/color]
> this[color=green][color=darkred]
> >> >> here.
> >> >>
> >> >> Thanks very much.. :(
> >> >
> >> >
> >> >.
> >> >[/color]
> >
> >
> >.
> >[/color][/color]
|
Hi Mr Jack Hawkins, Once again, Thanks you. I will try on those advise you have given me. :) [color=blue] >-----Original Message----- >No, you can do this via restriced groups in group policy,[/color] alternatively you[color=blue] >could add the user to the Administrators group in the[/color] Builtin container in[color=blue] >Users & Computers snapin. > >by default the Domain Admins group will be in the Local[/color] Administrators group[color=blue] >of a computer which is a member of the domain. > >By giving users administrator rights to their computers,[/color] you will end up[color=blue] >causing more headaches for yourself when they start[/color] installing their own[color=blue] >software and changing system settings. > >You'd be better off configuring Norton Antivirus to[/color] schedule live updates[color=blue] >every day. > >"Alvyn" wrote in[/color]
message[color=blue]
>news:dc7501c43b57$f22326c0$a301280a@phx.gbl...[color=green]
>> Hi Mr Jack Hawkins
>>
>> Thank you very much for the info.
>>
>> Just curious, does it mean that it can only be done via
>> CLI ? and not AD itself ?
>>
>> Regards :)
>>
>>[color=darkred]
>> >-----Original Message-----
>> >Log in as local administrator,
>> >
>> >From command prompt, type
>> >
>> >NET LOCALGROUP ADMINISTRATORS /ADD "NT[/color]
>> AUTHORITY\INTERACTIVE"[color=darkred]
>> >
>> >This way whoever logs on at the computer will have[/color][/color][/color]
local[color=blue][color=green]
>> admin rights..[color=darkred]
>> >
>> >
>> >
>> > wrote in message
>> >news:dc2901c43b48$16eafec0$a301280a@phx.gbl...
>> >> Hi sir,
>> >>
>> >> I did not schedule any liveupdate, rather I did[/color][/color][/color]
manual[color=blue][color=green][color=darkred]
>> >> liveupdate be it login as administrator or user.
>> >>
>> >> I just want to know whether is there anyway where I[/color][/color][/color]
can[color=blue][color=green][color=darkred]
>> >> assigned admininstrator rights of the local machine[/color][/color][/color]
to a[color=blue][color=green][color=darkred]
>> >> domain user in the active directory.
>> >>
>> >> FYI, I got the domain name "grey out" in the "Look[/color][/color][/color]
in"[color=blue][color=green][color=darkred]
>> >> dialogue box while trying to assign membership to the[/color]
>> user.[color=darkred]
>> >>
>> >> Thanks
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >This has nothing to do with Active Directory. Your
>> >> problem relates to the
>> >> >Norton Antivirus software.
>> >> >
>> >> >Can you not schedule Live-Updates while logged on as
>> >> Administrator?
>> >> >
>> >> >
>> >> >"Alvyn" wrote[/color][/color][/color]
in[color=blue][color=green][color=darkred]
>> >> message
>> >> >news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
>> >> >> Hi,
>> >> >>
>> >> >> I am asking this question in this forum partly it[/color][/color][/color]
is[color=blue][color=green][color=darkred]
>> >> >> active directory related and security related.[/color][/color][/color]
Hope[color=blue][color=green]
>> I am[color=darkred]
>> >> >> in the correct forum. Otherwise pls advise.
>> >> >>
>> >> >> I installed Norton Antivirus on my local[/color]
>> workstation, I[color=darkred]
>> >> >> can only do so when I log in as administrator.[/color][/color][/color]
Well[color=blue][color=green][color=darkred]
>> >> fine.
>> >> >>
>> >> >> After installation, I login to the DOMAIN with my[/color][/color][/color]
own[color=blue][color=green][color=darkred]
>> >> >> username.
>> >> >> While trying to run live update (Norton[/color][/color][/color]
Antivirus) on[color=blue][color=green][color=darkred]
>> >> this
>> >> >> workstation, I was unable to do so due to I was
>> >> >> assigned "domain user" in active directory.
>> >> >>
>> >> >> But when I was assigned "Domain Admin" or any[/color][/color][/color]
other[color=blue][color=green][color=darkred]
>> >> >> administrators rights in the active directory, I[/color][/color][/color]
was[color=blue][color=green][color=darkred]
>> >> able
>> >> >> to perform liveupdate sucessfully.
>> >> >> Also, if I login as Administrator locally, I am[/color][/color][/color]
able[color=blue][color=green]
>> to[color=darkred]
>> >> do
>> >> >> so as well.
>> >> >>
>> >> >> My question is wouldn't it be cumbersome for[/color][/color][/color]
someone[color=blue][color=green]
>> to[color=darkred]
>> >> >> login as administrator locally to perform[/color][/color][/color]
liveupdate[color=blue][color=green][color=darkred]
>> >> then
>> >> >> login back to his/her own profile ?
>> >> >>
>> >> >> Also, doesn't it defeats the purpose of security[/color]
>> whereby[color=darkred]
>> >> >> one needs to be assigned "administrator" rights or[/color]
>> login[color=darkred]
>> >> >> locally as administrator to just perform a[/color]
>> liveupdate ?[color=darkred]
>> >> >>
>> >> >> BTW, I did try to add myself (domain user) in the
>> >> security
>> >> >> properties and set to full control and propagate
>> >> >> throughout the entire drive C:, but still it does[/color][/color][/color]
not[color=blue][color=green][color=darkred]
>> >> help.
>> >> >>
>> >> >> Also, I am unable to add myself(domain user) as a[/color]
>> member[color=darkred]
>> >> >> of the local computer administrator.
>> >> >>
>> >> >> Can anyone please advise on this as I have been
>> >> searching
>> >> >> the answer for months on this until I finally post[/color]
>> this[color=darkred]
>> >> >> here.
>> >> >>
>> >> >> Thanks very much.. :(
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >[/color][/color]
>
>
>.
>[/color]
|
No not saying that, just saying if you want to assign the permissions to specific people on specific machines, AD isn't the efficient way to handle that. If you don't mind assigning everyone that logs onto the machine as admin then you can do what the other poster indicated with interactive logon security principal. joe -- Joe Richards Microsoft MVP Windows Server Directory Services [url]www.joeware.net[/url] Alvyn wrote:[color=blue] > Hi Mr Joe Richards > > Thanks very much for the info. > > Just curious, you mean within AD itself we cannot assign > local machine admin rights to domain users ? > > Regards :) > > >[color=green] >>-----Original Message----- >>Sure you can... >> >>On the workstation in question you can do >> >>net localgroup administrators yourdomain\youruser /add >> >>You can also use a freeware tool from [url]www.joeware.net[/url][/color] > > called lg to do it.... >[color=green] >>lg \\machinename\administrators yourdomain\youruser /add >> >> >>Finally you could do it through group policies in the[/color] > > domain but that could get >[color=green] >>a little involved depending on exactly who you want added[/color] > > to the administrators >[color=green] >>group. It generally isn't good to try and do one off[/color] > > administration of >[color=green] >>workstations through AD, it is for doing administration[/color] > > of large groups of machines. >[color=green] >> joe >> >> >>-- >>Joe Richards Microsoft MVP Windows Server Directory[/color] > > Services >[color=green] >>[url]www.joeware.net[/url] >> >> >> >>anonymous@discussions.microsoft.com wrote: >>[color=darkred] >>>Hi sir, >>> >>>I did not schedule any liveupdate, rather I did manual >>>liveupdate be it login as administrator or user. >>> >>>I just want to know whether is there anyway where I can >>>assigned admininstrator rights of the local machine to[/color][/color] > > a >[color=green][color=darkred] >>>domain user in the active directory. >>> >>>FYI, I got the domain name "grey out" in the "Look in" >>>dialogue box while trying to assign membership to the[/color][/color] > > user. >[color=green][color=darkred] >>>Thanks >>> >>> >>> >>> >>>>-----Original Message----- >>>>This has nothing to do with Active Directory. Your >>> >>>problem relates to the >>> >>> >>>>Norton Antivirus software. >>>> >>>>Can you not schedule Live-Updates while logged on as >>> >>>Administrator? >>> >>> >>>>"Alvyn" wrote in
>>>
>>>message
>>>
>>>
>>>>news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
>>>>
>>>>
>>>>>Hi,
>>>>>
>>>>>I am asking this question in this forum partly it is
>>>>>active directory related and security related. Hope I[/color][/color]
>
> am
>[color=green][color=darkred]
>>>>>in the correct forum. Otherwise pls advise.
>>>>>
>>>>>I installed Norton Antivirus on my local workstation, I
>>>>>can only do so when I log in as administrator. Well
>>>
>>>fine.
>>>
>>>
>>>>>After installation, I login to the DOMAIN with my own
>>>>>username.
>>>>>While trying to run live update (Norton Antivirus) on
>>>
>>>this
>>>
>>>
>>>>>workstation, I was unable to do so due to I was
>>>>>assigned "domain user" in active directory.
>>>>>
>>>>>But when I was assigned "Domain Admin" or any other
>>>>>administrators rights in the active directory, I was
>>>
>>>able
>>>
>>>
>>>>>to perform liveupdate sucessfully.
>>>>>Also, if I login as Administrator locally, I am able[/color][/color]
>
> to
>[color=green][color=darkred]
>>>do
>>>
>>>
>>>>>so as well.
>>>>>
>>>>>My question is wouldn't it be cumbersome for someone to
>>>>>login as administrator locally to perform liveupdate
>>>
>>>then
>>>
>>>
>>>>>login back to his/her own profile ?
>>>>>
>>>>>Also, doesn't it defeats the purpose of security[/color][/color]
>
> whereby
>[color=green][color=darkred]
>>>>>one needs to be assigned "administrator" rights or[/color][/color]
>
> login
>[color=green][color=darkred]
>>>>>locally as administrator to just perform a liveupdate ?
>>>>>
>>>>>BTW, I did try to add myself (domain user) in the
>>>
>>>security
>>>
>>>
>>>>>properties and set to full control and propagate
>>>>>throughout the entire drive C:, but still it does not
>>>
>>>help.
>>>
>>>
>>>>>Also, I am unable to add myself(domain user) as a[/color][/color]
>
> member
>[color=green][color=darkred]
>>>>>of the local computer administrator.
>>>>>
>>>>>Can anyone please advise on this as I have been
>>>
>>>searching
>>>
>>>
>>>>>the answer for months on this until I finally post this
>>>>>here.
>>>>>
>>>>>Thanks very much.. :(
>>>>
>>>>
>>>>.
>>>>[/color]
>>
>>.
>>[/color][/color]
|
Hi Mr Joe Richards Got you. :) Thanks [color=blue] >-----Original Message----- >No not saying that, just saying if you want to assign the[/color] permissions to[color=blue] >specific people on specific machines, AD isn't the[/color] efficient way to handle that.[color=blue] > If you don't mind assigning everyone that logs onto the[/color] machine as admin then[color=blue] >you can do what the other poster indicated with[/color] interactive logon security[color=blue] >principal. > > joe > >-- >Joe Richards Microsoft MVP Windows Server Directory[/color] Services[color=blue] >[url]www.joeware.net[/url] > > > >Alvyn wrote:[color=green] >> Hi Mr Joe Richards >> >> Thanks very much for the info. >> >> Just curious, you mean within AD itself we cannot[/color][/color] assign[color=blue][color=green] >> local machine admin rights to domain users ? >> >> Regards :) >> >> >>[color=darkred] >>>-----Original Message----- >>>Sure you can... >>> >>>On the workstation in question you can do >>> >>>net localgroup administrators yourdomain\youruser /add >>> >>>You can also use a freeware tool from [url]www.joeware.net[/url][/color] >> >> called lg to do it.... >>[color=darkred] >>>lg \\machinename\administrators yourdomain\youruser /add >>> >>> >>>Finally you could do it through group policies in the[/color] >> >> domain but that could get >>[color=darkred] >>>a little involved depending on exactly who you want[/color][/color][/color] added[color=blue][color=green] >> >> to the administrators >>[color=darkred] >>>group. It generally isn't good to try and do one off[/color] >> >> administration of >>[color=darkred] >>>workstations through AD, it is for doing administration[/color] >> >> of large groups of machines. >>[color=darkred] >>> joe >>> >>> >>>-- >>>Joe Richards Microsoft MVP Windows Server Directory[/color] >> >> Services >>[color=darkred] >>>[url]www.joeware.net[/url] >>> >>> >>> >>>anonymous@discussions.microsoft.com wrote: >>> >>>>Hi sir, >>>> >>>>I did not schedule any liveupdate, rather I did manual >>>>liveupdate be it login as administrator or user. >>>> >>>>I just want to know whether is there anyway where I[/color][/color][/color] can[color=blue][color=green][color=darkred] >>>>assigned admininstrator rights of the local machine to[/color] >> >> a >>[color=darkred] >>>>domain user in the active directory. >>>> >>>>FYI, I got the domain name "grey out" in the "Look in" >>>>dialogue box while trying to assign membership to the[/color] >> >> user. >>[color=darkred] >>>>Thanks >>>> >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>This has nothing to do with Active Directory. Your >>>> >>>>problem relates to the >>>> >>>> >>>>>Norton Antivirus software. >>>>> >>>>>Can you not schedule Live-Updates while logged on as >>>> >>>>Administrator? >>>> >>>> >>>>>"Alvyn" wrote[/color][/color][/color]
in[color=blue][color=green][color=darkred]
>>>>
>>>>message
>>>>
>>>>
>>>>>news:d92301c43b2d$45b5b580$a401280a@phx.gbl...
>>>>>
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>I am asking this question in this forum partly it is
>>>>>>active directory related and security related. Hope[/color][/color][/color]
I[color=blue][color=green]
>>
>> am
>>[color=darkred]
>>>>>>in the correct forum. Otherwise pls advise.
>>>>>>
>>>>>>I installed Norton Antivirus on my local[/color][/color][/color]
workstation, I[color=blue][color=green][color=darkred]
>>>>>>can only do so when I log in as administrator. Well
>>>>
>>>>fine.
>>>>
>>>>
>>>>>>After installation, I login to the DOMAIN with my own
>>>>>>username.
>>>>>>While trying to run live update (Norton Antivirus)[/color][/color][/color]
on[color=blue][color=green][color=darkred]
>>>>
>>>>this
>>>>
>>>>
>>>>>>workstation, I was unable to do so due to I was
>>>>>>assigned "domain user" in active directory.
>>>>>>
>>>>>>But when I was assigned "Domain Admin" or any other
>>>>>>administrators rights in the active directory, I was
>>>>
>>>>able
>>>>
>>>>
>>>>>>to perform liveupdate sucessfully.
>>>>>>Also, if I login as Administrator locally, I am able[/color]
>>
>> to
>>[color=darkred]
>>>>do
>>>>
>>>>
>>>>>>so as well.
>>>>>>
>>>>>>My question is wouldn't it be cumbersome for someone[/color][/color][/color]
to[color=blue][color=green][color=darkred]
>>>>>>login as administrator locally to perform liveupdate
>>>>
>>>>then
>>>>
>>>>
>>>>>>login back to his/her own profile ?
>>>>>>
>>>>>>Also, doesn't it defeats the purpose of security[/color]
>>
>> whereby
>>[color=darkred]
>>>>>>one needs to be assigned "administrator" rights or[/color]
>>
>> login
>>[color=darkred]
>>>>>>locally as administrator to just perform a[/color][/color][/color]
liveupdate ?[color=blue][color=green][color=darkred]
>>>>>>
>>>>>>BTW, I did try to add myself (domain user) in the
>>>>
>>>>security
>>>>
>>>>
>>>>>>properties and set to full control and propagate
>>>>>>throughout the entire drive C:, but still it does[/color][/color][/color]
not[color=blue][color=green][color=darkred]
>>>>
>>>>help.
>>>>
>>>>
>>>>>>Also, I am unable to add myself(domain user) as a[/color]
>>
>> member
>>[color=darkred]
>>>>>>of the local computer administrator.
>>>>>>
>>>>>>Can anyone please advise on this as I have been
>>>>
>>>>searching
>>>>
>>>>
>>>>>>the answer for months on this until I finally post[/color][/color][/color]
this[color=blue][color=green][color=darkred]
>>>>>>here.
>>>>>>
>>>>>>Thanks very much.. :(
>>>>>
>>>>>
>>>>>.
>>>>>
>>>
>>>.
>>>[/color][/color]
>.
>[/color]
|
|
|
|