Windows 2008 R2 x64 - Domain group added as local admin does not seem to have proper permissions
Fresh build of Windows 2008 R2 x64 on an HP Proliant DL580 G5.
Server is added to our domain, we then add our administrative group off the domain as local admin (in the builtin administrators group).
When I login with my domain account (which is in the domain group that is in the local administrators group) - I do not seem to have full local admin rights.
The conrol panel seems incomplete, I cannot see the HP Network icon in the system tray and I lose access to local drives that only have Full control SYSTEM & Administrators.
Everthing works fine as the local admin account.
I found a few articles on this issue online - with no solutions offered.
This is only an issue on Windows 2008 servers. We also run Windows 2000 and 2003.
September 30th, 2010 1:16pm
Fresh build of Windows 2008 R2 x64 on an HP Proliant DL580 G5.
Server is added to our domain, we then add our administrative group off the domain as local admin (in the builtin administrators group).
When I login with my domain account (which is in the domain group that is in the local administrators group) - I do not seem to have full local admin rights.
The conrol panel seems incomplete, I cannot see the HP Network icon in the system tray and I lose access to local drives that only have Full control SYSTEM & Administrators.
Everthing works fine as the local admin account.
I found a few articles on this issue online - with no solutions offered.
This is only an issue on Windows 2008 servers. We also run Windows 2000 and 2003.
When you add your server to the domain, this is done automatically.
Your existing issue is due to UAC. You must still use the "right-click>Run as Administrator" to get some things done. Even command line, you must run as administrator. If you turn UAC off, it will run as administrator for the account all the time. You
need to configure a DC Group Policy object for UAC to run administrator mode.
Some UAC GPOs and how to use them
http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx
Troubleshooting UAC
http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx
The reason you're having the issue is because the "Owner" for most everything is the System Account and not the Administrator account like previous versions of Windows Server.
Running "control userpasswords2" does not show the administrators group with Domain Admins. However, if you use the "Local users and groups" snap-in, in MMC, you will see the domain admins are already part of the administrators group for any system joining
the domain.Steve Kline
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Product Specialist
Microsoft Certified Network Product Specialist
This posting is "as is" without warranties and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
September 30th, 2010 1:49pm