Options

network vs. local permissions

w^rl0rdw^rl0rd Member Posts: 329
in Windows 2000 Core
If a user is assigned local Admin rights, but doesn't have network Admin rights assigned through Active Directory, would the users local Admin rights be cancelled out when logged onto the network?

I hope that wasn't too confusing.

The permissions will depend if logged on locally or over the network right?
· Share on FacebookShare on Twitter

Comments

  • Options
    pandimuspandimus Member Posts: 651
    Technically that person would not really have any rights, except on that one computer. (well any rights not otherwise given in their permissions set in AD). So that person can set up anything on that computer. But as soon as they do anything on the network they have whatever permissions that are set in AD.. Sorry for repeating. So to answer you question.. Yes they lose those permissions. Or even better they never even had them.. If i'm confusing you please tell me..
    Xinxing is the hairy one.
    · Share on FacebookShare on Twitter
  • Options
    w^rl0rdw^rl0rd Member Posts: 329
    So network permissions override local?
    So if someone is a User in AD, but an Admin locally, after authenticating they will effectively be a User right?
    · Share on FacebookShare on Twitter
  • Options
    pandimuspandimus Member Posts: 651
    depends where they log in at.. If they log in locally at that terminal they have permissions to change the settings on that computer, but if they log on the network then they will have just there user permissions.
    Xinxing is the hairy one.
    · Share on FacebookShare on Twitter
  • Options
    RexelRexel Member Posts: 29 ■□□□□□□□□□
    Yep .. from my understanding icon_idea.gif

    Network Login - AD assigned rights and permissions.

    Local machine login - rights and permissions assigned to the user's account locally.

    GPO's in AD will over-ride any rights a user has assigned locally when logging onto a correctly configured AD enabled domain :D

    Just gotta love AD! :D:D
    · Share on FacebookShare on Twitter
  • Options
    w^rl0rdw^rl0rd Member Posts: 329
    Thanks Rexel and Pandimus. That's what I thought.
    One of my users had deskside support come out and assign him to the Admin group, but he never had his network permissions changed.
    After logging into the box, he wondered why he still had User level perms.

    Anyway, thanks for clearing it up for me.
    · Share on FacebookShare on Twitter
  • Options
    RexelRexel Member Posts: 29 ■□□□□□□□□□
    Happy to help :)
    · Share on FacebookShare on Twitter
  • Options
    lmullilmulli Member Posts: 1 ■□□□□□□□□□
    If you have used lusmgr.msc on the local machine to add the users network account to the local admin group, then regardless of what type of user they are on the network, they will remain an admin on the local machine.

    This is quite a useful feature as it happens. Only recently I had to add a number of users to the local admin group in order for some financial software to function correctly. Bit of a security threat to the local machine, but when it only takes 10 minutes or so to re-image, and most users aren't bothered in wrecking their systems anyway, its not all bad news icon_smile.gif
    · Share on FacebookShare on Twitter
Sign In or Register to comment.