OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: W2K: when is admin not admin?
From: Paul Robichaux (paulrHIWAAY.NET)
Date: Mon Mar 06 2000 - 06:07:46 CST

Today's koan: when is a privileged account not privileged?

1. New installation of W2KS retail code on freshly formatted FAT32 volume.
2. Install completes normally with no errors.
3. Machine is not member of any domain.
4. Administrator account works normally for logon.

Here's the kicker: the administrator account doesn't actually have
admin privs! I can't use the RRAS console, for example. I can't add
WINS or DNS servers. I can't clear the event log. I can't do squat.
Creating a new account and putting it in the local admins group
doesn't do any good.

The only message in the event log was that the default local machine
policy couldn't be created (80070005). A reboot seems to fix that, at
least temporarily, but the not-admin problem persists. I tried
reapplying the local policy, as suggested in Q232070. No joy. Of
course, there may be entries in the security event log but I can't
read 'em. <rimshot>

Here's a list of other things I tried, none of which have resolved the problem.

1. Converting the volume to NTFS (oops, gotta be admin to do that)
2. Reinstalling, doing the volume conversion at install.
3. Removing the local SAM.
4. Reinstalling, doing an NTFS volume conversion, and joining a
domain during install. The domain join works OK.
5. Creating a new domain account, putting it into the domain admins
group, and logging on to the problem machine with it.
6. Managing the problem machine from the domain controller.

Any suggestions, other than to buy a different computer?

Cheers,
-Paul 

--
Paul Robichaux, MCSE  |   paulrobichaux.net   |  <http://www.robichaux.net>
Robichaux & Associates: programming, writing, teaching, consulting
See http://www.exchangefaq.org for all your Exchange questions!