# Admin privileges not working.



## AaronBHS (Aug 18, 2011)

For some reason when I use the administrator account on my workstation that is logged into the domain I keep getting the pop up to enter username and pw for installing software or anything like that that requires elevated privileges. When I put in the built in admin un/pw(the same one I use to log into my server) it still errors out saying I need elevated privileged. I have also added my user account to the built in administrator group yet still have this problem. I am not super knowledgeable when it comes to AD so can someone please put me on a path to try and figure out why this is happening? 

My work environment consists of 50 win 7 and xp workstations, 1 storage server and 1 Win 2008 R2 server used for DNS, AD, and DHCP. 

I will be happy to provide screenshot or any other info to help figure this out.

Thanks in advance. =)


----------



## 2xg (Aug 5, 2009)

Hello,

That doesn't sounds right. Are you trying to install a software or anything? or it's just an annoying pop-up?

Do you have any GPO Policies perhaps related to this issue?


----------



## shawnpb (May 30, 2010)

You may have to do this on the Windows 2008 Server end. Windows 2008 Server controls all administrative accounts and access above Windows xp's and Windows 7 administrative control I believe but I am no expert with Windows 2003 2008 server so I might be wrong.


----------



## AaronBHS (Aug 18, 2011)

2xg, it only happens when I am trying to install software, update software, or join/leave the domain, anything that typically requires elevated rights. I do no think I have initiated a GPO policy pertaining to this but as I stated before I am not too savvy with AD/GPO stuff thus I am not sure where to check.

JackBauer_24, It is my understanding that the server grants me the assigned(though AD) privileges when I log on to my workstation through the domain. So if I am part of the Administrator group, then I should have admin rights. Even if that werent the case, the operation fails even when I enter the built in admin un/pw.

hmmmm.


----------



## 2xg (Aug 5, 2009)

Try disabling the elevated prompt, it can be annoying but it is secured that way. Here's the guide.

More info here.


----------



## AaronBHS (Aug 18, 2011)

OK ill try that and let you know.


----------



## AaronBHS (Aug 18, 2011)

I logged into my workstation with the local admin account and did the steps to disable the prompting. While I was in there I noticed that you can add a user account and say that it is a domain account. So I added the domain Administrator account and my login Username account as administrators. I restarted the PC and relogged into the domain with my username and it still prompted for the username and PW when I tried to do an install but once I put in my un/pw it granted me access. Weird I think, but it's working so I am happy. Thanks again for all your help 2xg. You are my hero of the week!


----------



## AaronBHS (Aug 18, 2011)

Well, I jumped the gun. It let me install fine like i said but i just tried an uninstall and when it prompted for un/pw neither the Administrator nor my account worked; both stated they needed more elevated credentials. 
/sigh


----------



## 2xg (Aug 5, 2009)

You'll have to look on the second link that I sent you and you'll have to go deeply, sad to say might have to setup GPO in your Windows 2008 Server.

Have you setup any GPO Policies in your Network?


----------



## AaronBHS (Aug 18, 2011)

As far as I remember I did not set any GPO since the install of the new server. I will look at the second link and keep you posted. Thanks again 2xg.


----------



## 2xg (Aug 5, 2009)

I found the GPO policy for your concern. Here it is.

My recommendation, if you have not done any GPO policy before, create a Test OU, create a Test User Account within that OU. Practice the GPO using this Test OU before you implement it.

Once done, logon to any Computers in your network as this Test User, do a *gpupdate /force* command, see if the policy works.


----------



## AaronBHS (Aug 18, 2011)

Will do 2xg...again THANKS!!!


----------



## shawnpb (May 30, 2010)

That is why I said I might be wrong because I am no Windows 2008 Server expert


----------



## AaronBHS (Aug 18, 2011)

Still having lots of trouble with this issue. Can someone tell me definitively that if you are logging on to the workstation through the domain, does the workstation automatically take the privileges for the username designated by AD instead of the local permissions?
I am having the worst time trying to figure out where exactly to start the trouble shooting other than looking at the current setting for users/administrator and what groups they belong to.


----------

