Windows XP Local Administrators

  1. #1
    Join Date
    Feb 2000
    Location
    Texas
    Posts
    112

    Windows XP Local Administrators

    Here's a problem that has plagued me for several months. I posted this on here several months ago to try and resolve it but had no success. I am going to try and re-post the problem today with the hope that someone may know a solution.
    Here we go:

    I recently set up a Windows 2000 Server SP4 Active Directory domain controller for one of our offices. The clients on this network use Windows XP Professional SP1. I want users to be able to modify settings and install programs on their local machine. In order to do this, they must be an administrator on their local machine. Normally, I go into Computer Management under Administrative Tools. Then I go to Local Users and Groups and add the user from the domain to the local administrators group. This is all done while logged in to the system as a domain administrator.
    However, when I click on the Add button, and then click the Advanced button to pull the user list from the domain, I get the following error: "The advanced page cannot be opened because of the following error: The Local Security Authority cannot be contacted."
    If I try and manually type in the user account, the system will tell me to correct the name because it can't be found. I am typing it in using the format: DOMAINNAME\USERNAME.
    Additionally, when domain users log on to their system, it takes about 5 minutes for them to log in. I think there is some sort of policy or authentication issue on the server, but I have no idea what to modify. I tried the knowledge base and found the following article:
    http://support.microsoft.com/default...b;en-us;817584
    Unfortunately, I have to contact Microsoft to get this file. I haven't done that yet. It's a last resort.

    Another interesting article was listed here, too:
    http://support.microsoft.com/default...b;en-us;316710
    However, the setting for Kerberos Key Distribution Center was already set to Automatic.

    I believe the error has something to do with either the domain security policy or something with the Kerberos protocol.

    I've already tried reinstalling the server and downloading the latest updates for both the server and client. I've made absolutely no progress on this problem from day 1.
    This problem does not occur on our office networks that use NT Server 4.0 as a domain controller.
    Has anyone experienced something remotely similar to this, or does anyone know where I might be able to find some help?

    Thank you all very much for your time.

  2. #2
    Join Date
    Feb 2001
    Location
    Adelaide, South Australia
    Posts
    6,447
    I can't offer any advice on the problem, but don't feel the need to hold back on getting that hotfix. Provided you open the call with something like "Hi, I need to get the hotfix from KB article 817584," instead of "Hi, I'm having trouble adding a user to the Local Administrators group," they won't even ask for a credit card number. Even if you don't install the patch straight away, you've got it handy if you decide to try it.

  3. #3
    Join Date
    Apr 2002
    Posts
    2,122
    Check DNS. Make sure the client computers are pointing to a valid DNS server in their local subnet. Also, make sure the Domain Controller is configured as a Global Catalog.

  4. #4
    Join Date
    Feb 2000
    Location
    Texas
    Posts
    112
    I ended up calling Microsoft tech support and finally fixed this problem. The problem was with DNS. I had to delete the "." entry under the forward lookup zones and add my ISP's DNS servers in the forwarders.
    I also had to reconfigure my router's DHCP server to serve the IP address of the Active Directory server for DNS instead of the ISP's DNS servers.
    Last, I had to unjoin the domain on each of the clients and rejoin the domain.
    This not only fixed the problem with making a user a local admin, but it also fixed the problem with the long delay at logon.
    I believe that this is what you suggested, Trop. I just did not know how to configure the DNS server.
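
A check for the client-side misconfiguration described in post #4 (DHCP handing clients the ISP's DNS servers instead of the Active Directory server), as an added example that is not part of the original thread: it parses `ipconfig /all` output, including the continuation line used for a second DNS server, and lists every DNS server that is not one of the domain's. The sample output, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output from an XP client (not from the thread).
# Addresses are private/documentation ranges chosen for illustration.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : CLIENT01

Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.50
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            203.0.113.11
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")          # "Label . . . : value"
IPV4 = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # bare continuation address


def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]}, including continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False   # new adapter section
            result[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field.group(1) == "DNS Servers"
            if in_dns and adapter and field.group(2).strip():
                result[adapter].append(field.group(2).strip())
        elif in_dns and adapter and IPV4.match(line):
            result[adapter].append(IPV4.match(line).group(1))
        elif line.strip():
            in_dns = False                                # any other text ends the list
    return result


def foreign_dns(text, ad_dns_servers):
    """List (adapter, server) pairs that do not point at an AD DNS server."""
    allowed = set(ad_dns_servers)
    return [(adapter, server)
            for adapter, servers in dns_servers_by_adapter(text).items()
            for server in servers if server not in allowed]
```

An empty result from `foreign_dns` means every adapter resolves only through the listed Active Directory DNS servers.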
