Windows 7 users added to the adminstrators group are not equivilent to the local administrator

ddecoursey

New Member
Joined
Nov 10, 2009
I cant access any control panel applets
I cant add "my computer" to my desktop If I select PERSONALIZE I get an "unspecified error" from explorer.exe

I have a red X notification in the system tray but get no response to my selelction to access the Action center

who knows, this could just be the tip of the iceberg...... how can I make sure these newly added admin level users are not trated like junior operators ?
 
Is this on a domain network or a local computer? If its on a domain, you need to add them to Domain Administrators.

If its on a local system make sure they are added to:

Administrators
HomeUsers (Home Users)

To ensure this is the case:

Start -> lusrmgr.msc
Navigate to Users. Edit the user and ensure those settings.

Under no circumstances are any of these accounts different. Your user account is just as unique as the next administrator account on a stand-alone client. The only account that is slightly different is the disabled "Administrator". It is disabled because part of the SID (security identifier) is the same on every single copy of Windows and is a security vulnerability to have active. A potential hacker would know both the username and part of the SID-hash since the bits are the same in every copy of Windows. This has been a problem for a long time, so "Administrator" is disabled by default. Other than that, every admin account is the same unless you are on a Windows Server Active Directory / Domain network.

Sounds like if this doesn't work you should run Start -> cmd.exe

sfc /scannow

This will check the integrity of all Windows files. Unspecified errors mean either the registry is corrupt, a 3rd party tool like an anti-virus is obstructing Windows, or your system files are damaged. SFC will check the latter. You will need to deal with the 2 others by either getting a registry cleaner, or removing your anti-virus. I am giving you best guestimates since I can't see the machine from here, but I should be close. You will get closer by trying these options.
 
sorry for the delay....... I gotthe control panel stuff resolved.... but here is another annoyance:

The PC is Joined to the domain, the user is a domain user and is a member of the LOCAL Administrator group on the PC
They are used to edting the host file and they are used to copying(overwrting ) the host file..... but now they have to
run notepad as administrator and then from within notepad navigate to the host file....they all hate this is there a way to "do business the old way"
 
The problem may very well be a product of conflicting group membership.
You can explicitly grant a specific user or user group, access permission to a specific shared file or folder but if that particular user is also a member of another security group that does not have the proper level of permissions then his level access will be limited to the lowest level of the aggregate group memberships.
An example would be;
TestUser is a member of the Domain Users Group
TestUser's domain user account has explicitly been granted full control of the C:\Windows\System32\Drivers\Etc\hosts file, but Domain Users has read only permissions. As a result TestUser will only have read permissions to that file.
Likewise if the Domain Users Group has been granted full control to that file or has been added to the Local Administrators group on the client machine, but TestUser belongs to another domain security group that has only read permissions, than his cumulative permissions will be read only.
Whenever share and ntfs permissions are combined the most restrictive permissions are applied.
This may help
Link Removed - Invalid URL
 
Back
Top Bottom