Group in a group administrative rights
Windows 7 Professional with 2003 Domain/Active Directory. If you put a domain user directly into the local Windows 7 Administrators group, that user gets Administrator rights. If that same user is a domain group, and that domain group is added into the local Windows 7 Administrators group, the user does not get Administrator rights. The same scenario, User->Domain Group->Local Administrators Group gives Administrator rights on Windows XP Professional. Also, I seem to have a similar issue with Server 2008. A user is in the Domain Admin group, but is unable to access one of the drives on Server 2008. Here, again, the user should have full rights, but by being in a group that's in the Administrators group, not the user itself directly in the group. Is there some other setting required to permit a Domain group added to an Administrators group to pass Administator rights to the members of that Domain Group?
August 17th, 2010 12:27am

Hi, Thanks for posting in Microsoft TechNet forums. As the issue is more related to domain, I recommend you to post in Windows Server forums for a better assistance. Best Regards Dale Qiao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2010 11:14am

I fail to see how this is more related to a domain when it's Windows 7 that's not assigning the proper rights to members of its own Administrators group. The scenario I propose works for Windows XP, not Windows 7. If it were a domain related item, this scenario should fail on Windows XP as well at Windows 7. I have posted the 2nd, similar issue into the server forum.
August 17th, 2010 11:33pm

In doing more testing, I've examined the Users group on the local machine. It contains Domain Users, NT Authority\Authenticated Users and NT Authority\Interactive. If I remove all of those groups from Users group and put them into the Administrators group, the user is unable to login. Just a black screen (Event viewer reports userinit fails to load). Adding the user directly to the Administrators group also yields a black screen. Adding just one of them back, any one of them, to the users group, allows login. The local administrators group is having absolutely no affect on any regular user assignment inside of it. My domain superuser is able to login on the machine every time, regardless of any local security assignments. Yes, these may be domain users making this a domain issue of sorts, but NT Authority\Authenticated Users and NT Authority\Interactive are local system security settings, not domain.
Free Windows Admin Tool Kit Click here and download it now
August 19th, 2010 12:04am

I am seeing very similar symptoms on a 2003 Domain with Win7 clients. Have you been able to resolve this?
December 20th, 2010 1:13pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics