issue with domain account installing from network

D

Dytralis

Limp Gawd
Joined
Feb 6, 2003
Messages
358
I have an issue with one of my member servers at work that I can't figure out for the life of me. It's a fresh install of server 2003 and I can not get any domain accounts logged onto it to install programs from any network path what-so-ever. For example, if I log on the server using the domain administrator account and try to install a program from the primary domain controller I get a "you don't have permission" error. If I try to install a program from another server I get the same error. However, I can install programs from the local machine just fine. What makes this even weirder if that if I log onto the local machine's admin account (non-domain related) I can install anything from anywhere. I've tried a gpupdate /force, tried to reset all the security permissions in the registry with SubInACL, checked out all the settings in AD and the local computer policy.

I've also checked it from another server we installed a couple weeks ago that's configured the same way.... works perfectly. The domain administrator can install stuff over the network no problem.

any idea or any other info needed?
 
Is this member server using the DCs IP address as its DNS server in TCP properties?

Is it logging into the domain, or a local login?
 
yeah, the member server had the DC's IP's entered correctly (two of them btw)

I can log into the server just fine both on a local account and a domain account without any issues.

when I ran a dcresult on the server that's having issues, it's receiving gpo info from our backup domain controller... like it doesn't like the primary very much

I checked the event logs and all I found was an error stating:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 3/15/2009
Time: 4:52:39 PM
User: NT AUTHORITY\SYSTEM
Computer: TERM12
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I get that error every time I log onto the server and at no other time

it feels like it's an issue with the underlying network configuration
 
sooo if anyone runs into this problem... uninstall the windows component "internet explorer enhanced security configuration"

apparently it will block domain users logged in locally to the machine the ability to install programs from across the network

:rolleyes:
 
Good find, really interesting result. Curious, were you installing from a mapped drive or UNC?
 
it didn't matter. trying to install anything from a network location failed whether or not I used the UNC, mapped drive, or browsed the network for the file.
 
Dytralis said:
it didn't matter. trying to install anything from a network location failed whether or not I used the UNC, mapped drive, or browsed the network for the file.
Click to expand...

It's because it's classified as a different zone (than localhost). You can increase the trust level for the zone, removed enhanced configuration or copy the install files locally.
 
You must log in or register to reply here.
Back
Top