ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  Active Topics Active Topics
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Full rights after migration

 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
Xoxol View Drop Down
Newbie
Newbie


Joined: 01 Nov 2014
Location: USA
Online Status: Offline
Posts: 2
  Quote Xoxol Quote  Post ReplyReply Direct Link To This Post Topic: Full rights after migration
    Posted: 02 Nov 2014 at 6:19pm
Hi guys,
After migration of a local profile, it has full rights on that PC even though I have it as a domain user set up on domain controller. The only way to fix it is to recreate user's folder. But it defeats the purpose of using profwiz.
Any idea what am I doing wrong? I tried doing it on 3 different networks but still the same problem. The local username is the same as domain. Could it be a root of the problem?
Thanks in advance.
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Offline
Posts: 1391
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 03 Nov 2014 at 7:24am
Hi,

Firstly, just so we are talking about the same thing: a user account exists as an entry either in Active Directory and is represented by your username; a user profile is the data associated with that user account, usually saved under C:\Users\Username. User accounts have rights and permissions, profiles do not.

Full rights to a PC are conferred through the user account being a member of the local Administrators group - either directly, or by being a member of a domain group that is added to the local administrators group. There is absolutely no way that recreating the user’s profile folder will affect whether or not the user account has administrator permissions to the machine.

Check the membership of the Administrators group on the machines.
Back to Top
Xoxol View Drop Down
Newbie
Newbie


Joined: 01 Nov 2014
Location: USA
Online Status: Offline
Posts: 2
  Quote Xoxol Quote  Post ReplyReply Direct Link To This Post Posted: 03 Nov 2014 at 7:58am
Thanks for the reply.
Yes, user account does exist on Active Directory. It's being set up as domain user, so it doesnt have local admin rights. UAC is turned on so it would give me prompt for entering admin's credentials.

The local account has same username and password as domain. As soon as I migrated it becomes a domain account with full admin rights to this particular PC. But same account has limited rights on any other PCs that I joined domain manually.

I was doing some testings. Dis joined domain, made this local account as limited user and migrated again - same story - I have full admin rights on that PC. But if I login as different user that is also set up in DC, I get limited rights.

It happened on more than one PC and on more than 1 network. The only common between all these PCs is that all of them are running Win7 and server is 2008 R2.

What else could be wrong?
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.016 seconds.