Problem after removed "domain users" from "local administrator"s group! > Small Business Server Support Forum

ForumsSurveysChat

Support

Forum

Download

About

Registered users

	Membership:
	Latest:Martin Baker
	New Today:4
	New Yesterday:7
	Overall:23063

Private messaging

You must be logged in to use this module.

Top 10 posters

Name	Posts
Mariette Knap	12622
Marina Roos	12280
Eriq Neale	2105
Michael Patrick	1906
Stan Guinn	1840
Robert Pearman	1724
Nick Pieters	1425
Stewart Brown	609
Kevin D.	563
william warren	548

Articles

»	Antivirus
»	Backup and restore
»	BlackBerry
»	Branch offices
»	Configuring routers
»	CRM
»	Exchange Server 2000
»	Exchange Server 2003
»	ISA Server 2000
»	ISA Server 2004
»	Macintosh integration
»	Network configuration
»	Planning and installing your SBS server
»	Press releases
»	Project server
»	Public articles
»	Remote Access
»	SBS 2000
»	SBS 2003
»	SBS 2003 R2
»	SBS 2008
»	Securing your SBS 2003 network
»	Server issues
»	Service Packs
»	Sharepoint
»	SQL 2000
»	SQL 2005
»	Subscriber articles
»	Terminal Servers
»	Third party solutions
»	Workstations

View all articles

Welcome unauthorized visitor

If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.

Small Business Server Support Forum

Unanswered Active Topics

Forums Search

Forums > Microsoft Smallbusiness Server > Small Business Server 2003

Subject: Problem after removed "domain users" from "local administrator"s group!

Prev Next

You are not authorized to post a reply.

Author

Messages

Tammy Heal User is Offline

Canada
Member since
5/19/2005

Platinum Membership
Posts: 91

7/08/2008 11:20 PM
Hello all, We are running SBS 2003 SP1 Premium with approx 14 workstations running Windows XP Pro SP2. We finally decided to remove the "domain users" group from the "local administrators" group on the workstations and since doing that we have a strange problem happening. The users can log on the network successfully but then they can not start any programs - as soon as I reverse this setting everything is fine again. This does not make sense to me - has anyone come across this before? We want this setting to tighten up on security...so users can no longer install applications, etc. If anyone has any suggestions on how to fix this that would be great!! Thanks so much in advance! Tammy

Kevin Da Silva User is Offline

Mississauga, Canada
Member since
1/12/2008

Registered Users
Posts: 563

7/14/2008 10:15 PM
Can the user start Paint? Do they get any errors? Could the applications have been installed as the local admin thus causing an issue with permissions?

MCSE:Messaging, MCTIP, SBS Specialist

Kevin Da Silva User is Offline

Mississauga, Canada
Member since
1/12/2008

Registered Users
Posts: 563

7/14/2008 10:15 PM
Also have you added them to another group on the machine?

MCSE:Messaging, MCTIP, SBS Specialist

Tammy Heal User is Offline

Canada
Member since
5/19/2005

Platinum Membership
Posts: 91

9/12/2008 11:04 PM
Hello Kevin - thank you for your replies. I am back to working on this issue now! To answer your questions - yes - the users can start Paint. When they try to start Outlook - for example - they just receive an error saying that Outlook can not be started. None of the items in their startup group start either. Again our goal is to remove the "domain users" from the local "administrators" group so they can not install software, etc. I tried adding "domain users" to the "power users" group and the same problem occurs. The applications would have been installed as either the domain user or the domain administrator - not as the local administrator. This is very strange indeed and I am hoping to resolve soon! Would you happen to have any other ideas as to what might be causing this? Thank you again! Tammy

Tammy Heal User is Offline

Canada
Member since
5/19/2005

Platinum Membership
Posts: 91

9/12/2008 11:09 PM
Forgot to mention - I also noticed that when I remove the "domain users" from the local "administrators" group that the users can not attach to their computer via RWW unless I added "domain users" to the local "remote desktop users" group.....

Marina Roos User is Offline

The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12280

9/14/2008 07:01 PM

Hi Tammy,

Were the computers and the users added with the wizards? Any errors in the eventlogs on the comuters?

Marina Roos Smallbizserver.Net Administrator

Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'

You are not authorized to post a reply.

Forums > Microsoft Smallbusiness Server > Small Business Server 2003 > Problem after removed "domain users" from "local administrator"s group!

ActiveForums 3.7

Forum policy

These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:

No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
No Flaming or Trolling.
No Profanity, Racism, or Prejudice.
Site Moderators have the final word on approving/removing a thread or post or comment.