none
Cant access Local Users and Groups from AD

    Question

  • Hi...

    I just register this 2 new server (win server 2008) into my AD with platform win server 2003.

    server1 name = dbw01
    server2 name = dbw02

    From the AD, when i browse tru under Computers, i can see those 2 new server BUT when i try to manage those 2 new servers, under local users and groups, i cant access that. There was an error "Unable to access the computer DBW01.dbpmain.gov.my. The error was:Access is denied"

    Others computer i managed to go tru under local users and groups. The step i taken to register this 2 new server are all same with others servers.

    FYI, this 2 new server is just being upgraded from win server 2003 enterprise to win server 2008...

    Do anyone can assist me with this error? i'm really desperate to make sure i can browse tru under local users and group from my AD...TQVM
    Wednesday, December 10, 2008 7:15 AM

Answers

  •  

    Hi,

     

    As Salvador suggested, you should try to check the permission of your user. I suggest you log into the new server and add your account to their local Administrators group.

     

    1.       On new servers, click start, type "user accounts", type Enter. Click Manage User Accunts, click Add to add your account. Please try to test. Is there any progress?

     

    2.       If not, Please try to connect to them using Event Log.  Click Start, type "eventvwr", press Enter. Right-click Event Viewer in the left panel, choose "Connect to another computer", type the name or IP of those server. Could you connect to it?

     

    3.       Open AD Users and Computers, choose Computers, right-click the new server, choose Properties, switch to Delegation tab, choose the option Trust this computer for delegation to any service.

     

    4.       Run the following command to make sure Firewall will not affect Remote Management

     

    netsh advfirewall set allprofiles state off

     

    5.       Click Start, type "services.msc", press Enter, find "Remote Registry" service, make sure it’s started.

    6.       Click Start, type "regedit", press Enter, navigate to the  following key.

     

    HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg

     

    Right-click winreg, click Permission, give Full Control to your user account.

     

    Restart the system and test. Does the error appear again?

     

    Thanks.

    Thursday, December 11, 2008 10:54 AM
    Moderator

All replies

  • Please ensure that the account you are using has administrative rights on the two servers. Likewise, verify that the you have allowed Remote Administration to pass through your firewall (in the Group Policy on Windows Firewall, ensure that the "Allow Remote Administration exception" is set to Allow).

    Regards,

    Salvador Manaois III
    MCITP | Server/Enterprise Administrator
    MCSE MCSA MCTS C|EH CIWA
    Bytes & Badz: http://badzmanaois.blogspot.com
    Wednesday, December 10, 2008 7:32 AM
  • Hi salvador..

    When i looked at other server that can be access, i see the firewall is turned off. So i turn off as well the firewall setting at this 2 new server but still cant connect.

    And i have assign the administrative right on this 2 server


    Wednesday, December 10, 2008 8:05 AM
  •  

    Hi,

     

    As Salvador suggested, you should try to check the permission of your user. I suggest you log into the new server and add your account to their local Administrators group.

     

    1.       On new servers, click start, type "user accounts", type Enter. Click Manage User Accunts, click Add to add your account. Please try to test. Is there any progress?

     

    2.       If not, Please try to connect to them using Event Log.  Click Start, type "eventvwr", press Enter. Right-click Event Viewer in the left panel, choose "Connect to another computer", type the name or IP of those server. Could you connect to it?

     

    3.       Open AD Users and Computers, choose Computers, right-click the new server, choose Properties, switch to Delegation tab, choose the option Trust this computer for delegation to any service.

     

    4.       Run the following command to make sure Firewall will not affect Remote Management

     

    netsh advfirewall set allprofiles state off

     

    5.       Click Start, type "services.msc", press Enter, find "Remote Registry" service, make sure it’s started.

    6.       Click Start, type "regedit", press Enter, navigate to the  following key.

     

    HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg

     

    Right-click winreg, click Permission, give Full Control to your user account.

     

    Restart the system and test. Does the error appear again?

     

    Thanks.

    Thursday, December 11, 2008 10:54 AM
    Moderator