I have a Windows 7 laptop joined to a new domain. I know the domain Administrator password and I have my own network ID as a domain Administrator. When I try to make any changes to this laptop, I get a UAC prompt. If I use my domain account and password, it tells me I need elevated privs - ? If I use the domain Administrator account, it just pops the same box back up asking for an Administrator user name and password. If I go into User Accounts, I can't make any changes. If I try to log on as the local administrator, this account has been disabled, likely because it's on a domain. How do I gain full administrative control of this machine? Thanks!

The nature of your question is more security oriented, try Security forum next time. "When I try to make any changes to this laptop, I get a UAC prompt" I doubt it's for 'any' changes, but more like many system level changes. "If I use my domain account and password, it tells me I need elevated privs - ?" Domain Admins are added to the local machine Admins group by default (unless your domain group policy dictates otherwise). "If I go into User Accounts, I can't make any changes." By this I am assuming you mean you can't make changes to the User Account settings in Control Panel. Then likely the account you're using isn't a member of the Local Admins (thus why you get prompted with UAC too). Depending on the domain Group policies that are applied to your laptop, you should be able to disable or reduce the UAC prompts for the level of response you're comfortable with. Since you have a Domain Admin account it should be no problem logging into your Domain Controller and modifying the Domain Group Policy as needed. Obviously if there are Domain group policies which require even Domain Admins to use certain UAC settings then those group policy settings would be in place. http://support.microsoft.com/kb/975787 In a domain these policy settings from the Group Policy Management Editory are located in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx "How do I gain full administrative control of this machine?" Logon with an account which is a member of the Local Admins group or with the Local Administrator account. Since it's disabled, enable it, or add create/add a Domain (local) level Security group that your domain user account is also a member to the Local Admins group on the laptop.

"How do I gain full administrative control of this machine?" Logon with an account which is a member of the Local Admins group or with the Local Administrator account. Since it's disabled, enable it, or add create/add a Domain (local) level Security group that your domain user account is also a member to the Local Admins group on the laptop. How can I log into the local admin account to enable it if it's disabled? How can I do something like add myself to the local admins group when I can't access local User accounts? "Domain Admins are added to the local machine Admins group by default (unless your domain group policy dictates otherwise). " If this is the case, why can't I log into this laptop with Administrative pivileges? I'm a domain administrator. If I've been added by default as a local admin, why can't I make changes to the machine? (like adding drivers and so on) Thanks.

"How can I log into the local admin account to enable it if it's disabled?" I will reiterate, you need to logon with an account which is the equivelent of a Local Administrator on your system. Since the native local one is disabled, the next best route is to use a domain user account (domain\userid) or one which is a member of a group that is a member of the Local Admins group on the system in question. If noe exists as members of the Local Admins group then you'll have to add one & use it. Generally speaking, (by default) the Domain Admins security group is added to the Local Administrators group on local machines which join the domain. If this is the case in your network, then your Domain Admin account should have access to modify the settings as needed, that is unless your domain group policies restrict this or other accounts or groups from modifying the Local Admins group memberships. Please run the following to confirm your accounts membership and group policy applied to machine. Run > cmd > gpresult c:\gpresult.txt Post the output to the board. Since you stated your account is a member of the Domain Admins in your AD Domain (I trust you know the difference from Domain Admins and Domain Users), then you should have no problem in modifying the user settings. "How can I do something like add myself to the local admins group when I can't access local User accounts? " My advice is dependent on your account indeed being in the Domain Admins group, & further that you don't have Group Policies which restrict Domain Admins from modifying Local Administrator group memberships. "If this is the case, why can't I log into this laptop with Administrative pivileges?" Check your GPO's that are applied to the system in question, (use gpresult from cmd as mentioned above). Just b/c the default is the default doesn't mean your network is setup using it (maybe someone, another domain admin, has changed it?). Take a look at restricted group policies, some of the settings determine which domain groups are allowed to be members of the Local Admins group on local machines. If the settings were set to not allow domain admins, but instead another group, then that would restrict your access. http://support.microsoft.com/kb/279301 http://technet.microsoft.com/en-us/library/cc756802(WS.10).aspx http://support.microsoft.com/kb/555026/en-us

PLEASE STOP marking this question as answered. I'm still fighting with gpresult. It does nothing. I'll be back.

administrator is disabled by default in W7 not because of the domain, 1. so you need to log in to your pc by domain admin first and then you enable the admin, 2. or you can reduce the UAC level (turn it off is better :D) start>control panel>system>change UAC setting (on Action Center Category) when you said "If I use the domain Administrator account, it just pops the same box back up asking for an Administrator user name and password", is that a pop-up that u have to re-enter your user and password? if its right, so it appeared because your UAC setting, when you use UAC setting on default number even you logged with admin account this pop-up always be appeared, and the solution for this is same as number 2 above. sorry for my bad english,

For future reference: "Run > cmd > gpresult c:\gpresult.txt" This doesn't work. First, the root directory is protected by default, no permissions to write the file. Second, gpresult takes command line arguments. When I redirect the above to a folder that I can write to, I get a text file with the command line options. Oh and another thing, the file parameter needs to be redirected. This works: gpresult /z > gpresult.txt

I think the biggest issue is when you have admin/Contributor's on a site who treat people asking genuine questions like idiots, i am speaking to you "cschaar". Your rudeness and indifference to those who are seeking guidance is shameful. You started at the bottom at one point as well. You needed help and guidance. Get off your pedestal. I just found this site and I have to say, if this is how the "Contributor's treat people seeking help, I will gladly offer my assistance, if I am not blocked for my posting. CSCHAAR GFY