Windows 7 PCs on Server 2003. Help a rookie understand please!

    Question

  • Hi There,
    So I'm having a lot of dramas installing 2 new Windows 7 workstations into a Windows Server 2003 SP2 environment and hope somebody can push me in the right direction. I'll try to summarize the environment and issue, and give some specific questions I have about this process, as I am quite new to it all.

    At a small school we have 2 Server 2003 SP2 servers, one for curriculum, one for administration which are linked together (in a 'forest'??)
    The admin office had some old XP machines, which I am replacing with 2 Windows 7 Pro machines. My process was as follows:
    - Create a new admin computer in AD ('admin4' for example)
    - Rename computer to 'admin4' and add to administration domain instead of default workgroup.
    - Add 'admin4' to dnsmgmt on administration server, assigning IP address Host + Pointer

    Result: I can login to accounts on the administration domain and access the internet, shared file directories and shared printer on administration domain.

    PROBLEMS:
    - I cannot access any accounts or shared printers on the curriculum domain. I am unable to ping the curriculum server or attached printers.
    - UAC pops up for every action, even though the user is an administrator. I can use the domain administration account to elevate this, but it still pops up each time
    I have tried using one pc to install RSAT and use a GPO manager to remove UAC, however the results are the UAC prompt does not display, it just errors with varying messages of 'user does not have sufficient privileges.'

    Also, there are already a couple Windows 7 machines attached to the curriculum network that function correctly, so I feel like I'm just missing a step in this process somewhere maybe... Any help or ideas would be greatly appreciated. I can post more info as people request it.

    - I'm sure this is a stupid question, but, in the DNS management console, under properties->security of a computer. For eg. 'Admin1' will have a listing of 'Admin1$' which has full read/write access, and this is also listed as the owner. However the new computers I add do not have this, and have SYSTEM listed as the owner. What would be the ComputerName$ group that I can see on all of these??


    That will do for now. Let me know if you need more specific info in any area.

    Friday, May 10, 2013 12:35 AM

Answers

  • OK, so, thanks so much for pointing out that I hadn't done anything specifically wrong, as I was doubting that and investigating the wrong areas. I had activated a group policy early on that was suggested elsewhere that was preventing access to the curriculum network. Disabling this has resolved that issue.
    I can now access the shared files and printers (though no driver for win7 64bit)
    Still need to sort out the UAC problem, but at least it now shows up so I can elevate it when required.
    Will update after today and mark the issue as resolved

    UPDATE
    All problems resolved now. Of course it was a simple issue all along
    - A group policy setting on the server was preventing access to the curriculum network
    - With access to curriculum network I could add printers and update with x64 drivers
    - UAC was set to auto elevate by adding the user to the local machine as administrator while logged in as domain administrator



    Thanks everyone for your help!
    Thursday, May 16, 2013 10:44 PM

All replies

  • You seem to have more than one problem.

    The more important to me is the inability to ping. Open a cmd in elevated prompt, and try to ping your domain controller IP.

    If that does not work, you got a networking error that you must rule out first.

    If so, post an ipconfig /all from your domain controller and from that computer.

    Thanks !


    MCP | MCTS 70-236: Exchange Server 2007, Configuring

    Twitter - @yagmoth555
    Blog: http://www.jabea.net | http://blogs.technet.com/b/wikininjas/

    Friday, May 10, 2013 3:57 AM
  • Hey thanks, I will try and do this as soon as possible. Might run in tomorrow and get an ipconfig /all print out and post here. I believe though, I was able to ping the 'administration' domain controller, but not 'curriculum'
    Friday, May 10, 2013 4:33 AM
  • I can't get into the office for a couple of other days so if anyone has any other input feel free to chime in also with anything I can research/consider. Also, if anyone can let me know what the security group 'computername$' is likely a reference to that would be great. Thanks!
    Friday, May 10, 2013 11:36 PM
  • Hello,

    Please post the used domain name in AD UC, the NetBIOS domain name and the domain name shown in the DNS management console from each of the domains.

    Maybe there is no trust so you cannot use resources from the other domain.

    An unedited ipconfig /all from each server and a client from each network will be helpful also.

    Normally there is no need to pre-create computer accounts in AD, just add the machine to the domain and it will automatically use the machine name and place it in the AD UC computers container, from where you can move it to the required OU in AD UC.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, May 14, 2013 11:23 AM
  • Thanks a lot for the reply.

    I don't have all the info you requested on hand, but I'll post what info I can, I have some ipconfig printouts.

    Right off the bat I am noticing the new machines are missing addresses in the 'DNS Suffix Search List'. I imagine this is likely the cause of the missing connection from the admin domain to the curriculum domain?
    I was short on time, but could not see where these were set. Is this likely to be done in group policy? And should that have populated to the new PCs automatically? There were no settings in TCP/IP on the working PCs.

    So far when I have added new machines, they have not worked till I create a new computer manually in AD. Might need to look into that further.

    X's replace the school address. Prefer to keep this info private.

    Domain 1: curriculum.local
    Don't have ipconfig printout for this one

    Domain 2: administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : adminserver
       Primary Dns Suffix  . . . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                           XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                           XXXXX.XXXXXXXX.edu.au
                                           XXXXXXXX.edu.au
                                           edu.au

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 00-1D-7D-74-84-DD
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.145.180.10
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Default Gateway . . . . . . . . . : 10.145.180.1
       DNS Servers . . . . . . . . . . . : 10.145.180.10
       Primary WINS Server . . . . . . . : 10.145.180.10

    Existing and working PC (Windows XP) - AdminLaptop

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : AdminLaptop
            Primary Dns Suffix  . . . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
            Node Type . . . . . . . . . . . . : Hybrid
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                                administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                                XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                                XXXXX.XXXXXXXX.edu.au
                                                XXXXXXXX.edu.au
                                                edu.au

    Ethernet adapter Local Area Connection 2:

            Connection-specific DNS Suffix  . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
            Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
            Physical Address. . . . . . . . . : 00-24-81-5C-3F-DC
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 10.145.180.63
            Subnet Mask . . . . . . . . . . . : 255.255.254.0
            Default Gateway . . . . . . . . . : 10.145.180.1
            DHCP Server . . . . . . . . . . . : 10.145.180.10
            DNS Servers . . . . . . . . . . . : 10.145.180.10
            Primary WINS Server . . . . . . . : 10.145.180.10
            Lease Obtained. . . . . . . . . . : Tuesday, 14 May 2013 8:13:40 AM
            Lease Expires . . . . . . . . . . : Wednesday, 22 May 2013 8:13:40 AM

    Ethernet adapter Wireless Network Connection 2:

            Media State . . . . . . . . . . . : Media disconnected
            Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
            Physical Address. . . . . . . . . : 00-1E-65-01-89-40

    New PC with issues (Windows 7) - Administration4

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : ADMINISTRATION4
       Primary Dns Suffix  . . . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
       Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
       Physical Address. . . . . . . . . : B8-CA-3A-78-74-C8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::9c69:6a97:e848:fec3%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.145.180.65(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Lease Obtained. . . . . . . . . . : Tuesday, 14 May 2013 7:33:57 PM
       Lease Expires . . . . . . . . . . : Wednesday, 22 May 2013 7:33:57 PM
       Default Gateway . . . . . . . . . : 10.145.180.1
       DHCP Server . . . . . . . . . . . : 10.145.180.10
       DHCPv6 IAID . . . . . . . . . . . : 246991418
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-FB-1F-56-B8-CA-3A-78-74-C8

       DNS Servers . . . . . . . . . . . : 10.145.180.10
       Primary WINS Server . . . . . . . : 10.145.180.10
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tuesday, May 14, 2013 11:15 PM
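
Added example (not part of the thread and not any poster's code): a Python parser for captured `ipconfig /all` text that reports which DNS suffix search list entries the working XP laptop has and ADMINISTRATION4 lacks, the difference noted in the post above. The two sample strings are constructed from the output posted above, and the function names are illustrative.

```python
import re

# Constructed samples: trimmed copies of the ipconfig /all output posted above
# (school name redacted with X's exactly as in the thread).
ADMINLAPTOP = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : AdminLaptop
        DNS Suffix Search List. . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                            administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                            XXXXXXX.XXXXX.XXXXXXXX.edu.au
                                            XXXXX.XXXXXXXX.edu.au
                                            XXXXXXXX.edu.au
                                            edu.au

Ethernet adapter Local Area Connection 2:

        DNS Servers . . . . . . . . . . . : 10.145.180.10
"""
ADMINISTRATION4 = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : ADMINISTRATION4
   DNS Suffix Search List. . . . . . : administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
"""

# "Label . . . . : value" -- the label never contains '.' or ':'.
LABEL = re.compile(r"^\s*([^.:]+?)\s*(?:\. ?)+:\s*(.*)$")

def parse_ipconfig(text):
    """Return {section: {label: [values]}}; indented lines that carry no
    label are continuation values of the previous label."""
    sections, section, values = {}, None, None
    for line in text.splitlines():
        if not line.strip(): continue
        m = LABEL.match(line)
        if m:
            values = sections.setdefault(section, {}).setdefault(m.group(1), [])
            if m.group(2):
                values.append(m.group(2).strip())
        elif line[0].isspace() and values is not None:
            values.append(line.strip())
        else:  # unindented line such as "Ethernet adapter ...:" starts a section
            section, values = line.strip().rstrip(":"), None
    return sections

def search_list(text):
    """DNS suffix search list in order, with duplicate entries dropped."""
    cfg = parse_ipconfig(text)["Windows IP Configuration"]
    return list(dict.fromkeys(cfg.get("DNS Suffix Search List", [])))

def missing_suffixes(reference, candidate):
    """Suffixes listed on the reference host but not on the candidate."""
    have = {s.lower() for s in search_list(candidate)}
    return [s for s in search_list(reference) if s.lower() not in have]
```

Neither of the two client lists contains `curriculum.local`.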
  • Hello,

    How are the domains curriculum.local and administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au connected? Is there a trust between them or not? Or are they in the same forest?

    ADMINISTRATION4 should work in the administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au domain without any problem as the ip configuration is correct.


    Best regards

    Meinolf Weber

    Wednesday, May 15, 2013 8:37 AM
  • Hi, I'm still getting my head around the system so I am not completely sure. Am only there once a week so will need to look into it in a couple days. But if I have some ideas that I can work through to try and resolve and save time that would be great
    They don't seem to be in the same forest, as in I cannot see any reference to curriculum.local in dnsmgmt or AD. Would I likely need to look in the DNS settings to find this out? 
    Computers on curriculum.local have no access to the administration network, but the administration domain PC's should have access to the printers and such on curriculum..

    ADMINISTRATION4 for the most part does work on administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au
    The only 2 issues I'm having now are:
    - Unable to access Printers or files curriculum.local
    - Users who should have full administration rights, and do so on the WinXP machines, are unable to perform any function locked down by UAC win Win7. Errors such as 'user does not have privilege to perform this task'

    Also there are the missing entries in 'DNS Suffix Search List'


    • Edited by iMangles Wednesday, May 15, 2013 10:32 AM
    Wednesday, May 15, 2013 10:12 AM
  • Hello,

    The only 2 issues I'm having now are:
    - Unable to access Printers or files curriculum.local
    How do you connect to the domain shares and printer?

    - Users who should have full administration rights, and do so on the WinXP machines, are unable to perform any function locked down by UAC win Win7. Errors such as 'user does not have privilege to perform this task'
    Is this about the other domain or on the administration.x.x..x.xx. domain?


    Best regards

    Meinolf Weber

    Wednesday, May 15, 2013 11:21 AM
  • How do you connect to the domain shares and printer?
    They are just mapped network drives or shared printers.
    Eg. \\10.129.180.17\students (I would need to check what the exact IP is)
    With the pc that is working I can simply add new shared network printer by name eg 'Photocopier' or \\10.129.180.17\Photocopier
    (Let me know if this isn't what you mean, sorry...)

     Is this about the other domain or on the administration.x.x..x.xx. domain?
    This is on the administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au domain
    So a separate issue to the network shares. I can access shared files and printers on administration.XXXXXXX.XXXXX.XXXXXXXX.edu.au with no problems

    Wednesday, May 15, 2013 11:42 AM
  • Hello,

    Which complete error message is shown when you use e.g. \\10.129.180.17\students to connect? This way should work if no firewall prevents access; of course, as it is on another domain/forest, you would be asked for domain\username and password with permissions on the folder.

    UAC on Windows 7 requires working with RUNAS (elevated permissions) even for administrators, so please try again with right-click and choose RUNAS.


    Best regards

    Meinolf Weber

    Wednesday, May 15, 2013 12:39 PM
  • Hi, I am quite sure it is 'Windows cannot access \\10.129.180.17\students    --   Check the spelling of the name etc etc.' when trying to map a drive. When entering straight into explorer it is the same
    I will have to confirm this tomorrow when I have access to the systems however.
    When trying to add a printer from the curriculum network but using its name, I'm pretty sure I receive the error 'Connect to Printer -- Windows couldn't connect to the printer. Check the printer name and try again. If this is a network printer, make sure that the printer is turned on, and that the printer address is correct'

    I can try both of these things tomorrow and post back if I am still unable to resolve. If you have any ideas on which areas are best to troubleshoot that would be great! I'll try the things you mentioned and check firewall etc and post back with results.

    Thanks a lot for the help so far!

    Wednesday, May 15, 2013 10:05 PM
  • Hello,

    Thanks for the feedback about your solution. It is often that self-made configuration results in problems. :-)


    Best regards

    Meinolf Weber

    Friday, May 17, 2013 6:48 AM