XP Clients with SBS2000

TheMSsForum.com: The Microsoft Software Forum

I've upgraded 4 of our users to XP pro, and somehow I keep making a mess of
configuring the client PC.

This is the procedure I just followed for another new (out of the box Dell)
PC:
At the SBS box add a new user, JohnDoe and a new computer JohnD.
At the client box first start up, during XP installation/configuration give
the username, JohnDoe, and the computer name, JohnD.
The client PC then starts up as local user, JohnDoe. I then follow KB316418
to join the XP client to the SBS domain, for example MYDOMAIN.

Re-boot the client PC, this time logging on as JohnDoe on MYDOMAIN.
Again follow KB316418 to install the firewall client. At this time I get
Error 1925 - insufficient priviledges.
In the client PC User Accounts I note that user JohnDoe is only a member of
the JohnD domain, so I create another user JohnDoe, member of MYDOMAIN,
standard user group.

Re-boot the PC and log on again as JohnDoe. Still have error 1925 when I try
to install the FW client. Log off JohnDoe and log on as Administrator on
JohnD. This time the FW client installs OK.

Log off Administrator and log on as JohnDoe on MYDOMAIN. Internet access is
forbidden.
In the client PC User Accounts I change JohnDoe to Administrators group.
Internet access is now possible.

So I get there in the end, but it is all a bit laborious, and I'm not happy
about making my user a local Administrator - or is that a necessary step?
Question - is there a slicker method of arriving where I want to be?


Regards
Top

Re: XP Clients with SBS2000 by jesmin

jesmin
Tue Dec 05 19:10:29 CST 2006

This is a multi-part message in MIME format.

------=_NextPart_000_0034_01C71901.6B89C080
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

SBS 2000. ..=20
Is it single NIC/ 2 NICS ?
Do you have ISA ?=20


--=20
jesmin ningthoujam=20

"Neil Raffan" <reply to group> wrote in message =
news:O4JYuaMGHHA.4116@TK2MSFTNGP05.phx.gbl...
I've upgraded 4 of our users to XP pro, and somehow I keep making a =
mess of=20
configuring the client PC.

This is the procedure I just followed for another new (out of the box =
Dell)=20
PC:
At the SBS box add a new user, JohnDoe and a new computer JohnD.
At the client box first start up, during XP installation/configuration =
give=20
the username, JohnDoe, and the computer name, JohnD.
The client PC then starts up as local user, JohnDoe. I then follow =
KB316418=20
to join the XP client to the SBS domain, for example MYDOMAIN.

Re-boot the client PC, this time logging on as JohnDoe on MYDOMAIN.
Again follow KB316418 to install the firewall client. At this time I =
get=20
Error 1925 - insufficient priviledges.
In the client PC User Accounts I note that user JohnDoe is only a =
member of=20
the JohnD domain, so I create another user JohnDoe, member of =
MYDOMAIN,=20
standard user group.

Re-boot the PC and log on again as JohnDoe. Still have error 1925 when =
I try=20
to install the FW client. Log off JohnDoe and log on as Administrator =
on=20
JohnD. This time the FW client installs OK.

Log off Administrator and log on as JohnDoe on MYDOMAIN. Internet =
access is=20
forbidden.
In the client PC User Accounts I change JohnDoe to Administrators =
group.=20
Internet access is now possible.

So I get there in the end, but it is all a bit laborious, and I'm not =
happy=20
about making my user a local Administrator - or is that a necessary =
step?
Question - is there a slicker method of arriving where I want to be?


Regards


------=_NextPart_000_0034_01C71901.6B89C080
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.5346.5" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2>SBS 2000. .. =
</FONT></DIV>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2>Is it single NIC/ 2 =
NICS=20
?</FONT></DIV>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2>Do you have ISA ? =
</FONT></DIV>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2></FONT>&nbsp;</DIV>
<DIV><BR>-- <BR>jesmin ningthoujam <BR></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #008080 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Neil Raffan" &lt;reply to group&gt; wrote in message <A=20
=
href=3D"news:O4JYuaMGHHA.4116@TK2MSFTNGP05.phx.gbl">news:O4JYuaMGHHA.4116=
@TK2MSFTNGP05.phx.gbl</A>...</DIV>I've=20
upgraded 4 of our users to XP pro, and somehow I keep making a mess of =

<BR>configuring the client PC.<BR><BR>This is the procedure I just =
followed=20
for another new (out of the box Dell) <BR>PC:<BR>At the SBS box add a =
new=20
user, JohnDoe and a new computer JohnD.<BR>At the client box first =
start up,=20
during XP installation/configuration give <BR>the username, JohnDoe, =
and the=20
computer name, JohnD.<BR>The client PC then starts up as local user, =
JohnDoe.=20
I then follow KB316418 <BR>to join the XP client to the SBS domain, =
for=20
example MYDOMAIN.<BR><BR>Re-boot the client PC, this time logging on =
as=20
JohnDoe on MYDOMAIN.<BR>Again follow KB316418 to install the firewall =
client.=20
At this time I get <BR>Error 1925 - insufficient priviledges.<BR>In =
the client=20
PC User Accounts I note that user JohnDoe is only a member of <BR>the =
JohnD=20
domain, so I create another user JohnDoe, member of MYDOMAIN, =
<BR>standard=20
user group.<BR><BR>Re-boot the PC and log on again as JohnDoe. Still =
have=20
error 1925 when I try <BR>to install the FW client. Log off JohnDoe =
and log on=20
as Administrator on <BR>JohnD. This time the FW client installs =
OK.<BR><BR>Log=20
off Administrator and log on as JohnDoe on MYDOMAIN. Internet access =
is=20
<BR>forbidden.<BR>In the client PC User Accounts I change JohnDoe to=20
Administrators group. <BR>Internet access is now possible.<BR><BR>So I =
get=20
there in the end, but it is all a bit laborious, and I'm not happy =
<BR>about=20
making my user a local Administrator - or is that a necessary=20
step?<BR>Question - is there a slicker method of arriving where I want =
to=20
be?<BR><BR><BR>Regards<BR><BR></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0034_01C71901.6B89C080--

Top

Re: XP Clients with SBS2000 by Cris

Cris
Tue Dec 05 22:19:47 CST 2006

Users must be a local admin on their workstation for workstation to run
scripts/install software.

--
CRIS HANNA [SBS-MVP]
---------------------------------
Please only respond in the newsgroup. Do Not Contact Directly.
MVPs do not work for Microsoft.
---------------------------------------
Sent via Windows Mail on Vista Ultimate connected to SBS R2
"Neil Raffan" <reply to group> wrote in message
news:O4JYuaMGHHA.4116@TK2MSFTNGP05.phx.gbl...
> I've upgraded 4 of our users to XP pro, and somehow I keep making a mess
> of configuring the client PC.
>
> This is the procedure I just followed for another new (out of the box
> Dell) PC:
> At the SBS box add a new user, JohnDoe and a new computer JohnD.
> At the client box first start up, during XP installation/configuration
> give the username, JohnDoe, and the computer name, JohnD.
> The client PC then starts up as local user, JohnDoe. I then follow
> KB316418 to join the XP client to the SBS domain, for example MYDOMAIN.
>
> Re-boot the client PC, this time logging on as JohnDoe on MYDOMAIN.
> Again follow KB316418 to install the firewall client. At this time I get
> Error 1925 - insufficient priviledges.
> In the client PC User Accounts I note that user JohnDoe is only a member
> of the JohnD domain, so I create another user JohnDoe, member of MYDOMAIN,
> standard user group.
>
> Re-boot the PC and log on again as JohnDoe. Still have error 1925 when I
> try to install the FW client. Log off JohnDoe and log on as Administrator
> on JohnD. This time the FW client installs OK.
>
> Log off Administrator and log on as JohnDoe on MYDOMAIN. Internet access
> is forbidden.
> In the client PC User Accounts I change JohnDoe to Administrators group.
> Internet access is now possible.
>
> So I get there in the end, but it is all a bit laborious, and I'm not
> happy about making my user a local Administrator - or is that a necessary
> step?
> Question - is there a slicker method of arriving where I want to be?
>
>
> Regards
>
>

Top

Re: XP Clients with SBS2000 by Neil

Neil
Wed Dec 06 06:03:21 CST 2006

This is a multi-part message in MIME format.

------=_NextPart_000_000F_01C7192E.8629E0F0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

2 NIC with ISA.....

......but I don't follow the relevance?


"jesmin ningthoujam" <jesmin.ningthoujam@gmail.com> wrote in message =
news:upZKUNNGHHA.3952@TK2MSFTNGP02.phx.gbl...
SBS 2000. ..=20
Is it single NIC/ 2 NICS ?
Do you have ISA ?=20


--=20
jesmin ningthoujam=20


------=_NextPart_000_000F_01C7192E.8629E0F0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>2 NIC with ISA.....</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>......but I don't follow the=20
relevance?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"jesmin ningthoujam" &lt;<A=20
=
href=3D"mailto:jesmin.ningthoujam@gmail.com">jesmin.ningthoujam@gmail.com=
</A>&gt;=20
wrote in message <A=20
=
href=3D"news:upZKUNNGHHA.3952@TK2MSFTNGP02.phx.gbl">news:upZKUNNGHHA.3952=
@TK2MSFTNGP02.phx.gbl</A>...</DIV>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2>SBS 2000. .. =
</FONT></DIV>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2>Is it single NIC/ 2 =
NICS=20
?</FONT></DIV>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2>Do you have ISA ? =
</FONT></DIV>
<DIV><FONT face=3DTahoma color=3D#008080 size=3D2></FONT>&nbsp;</DIV>
<DIV><BR>-- <BR>jesmin ningthoujam <BR></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #008080 2px solid; MARGIN-RIGHT: 0px"><FONT=20
face=3DArial =
size=3D2></FONT>&nbsp;</BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_000F_01C7192E.8629E0F0--

Top

Re: XP Clients with SBS2000 by Neil

Neil
Wed Dec 06 06:06:25 CST 2006

So there is more to the procedure than that outlined in KB316418

It would be correct to have to create a user member of MYDOMAIN with admin
priviledges on the workstation?


Regards


"Cris Hanna" <crisnospamhanna@computingnospampossibilities.net> wrote in
message news:C6E2F39D-2B16-412E-8B77-F3B282EDD8D4@microsoft.com...
> Users must be a local admin on their workstation for workstation to run
> scripts/install software.
>
> --
> CRIS HANNA [SBS-MVP]
> ---------------------------------
> Please only respond in the newsgroup. Do Not Contact Directly.
> MVPs do not work for Microsoft.
> ---------------------------------------


Top

Re: XP Clients with SBS2000 by Dave

Dave
Wed Dec 06 10:29:56 CST 2006

Once the machine is joined to the domain, you need only to have created the
domain user account on the SBS. Domain user accounts are then automatically
members of the local Users group on the workstation.

As your needs require, add that domain user to local groups on the
workstation (such as Administrators, IF it is necessary for the user to
install things). I would avoid that as much as possible and use other means
to manage software etc. on the workstation (install as Administrator, use
Group Policy software installation etc.)

Since you have ISA, the domain user account (or domain group it is a member
of as appropriate) will need to be added to the BackOffice Internet Users
group on the server to have internet access, in most cases. A local user
account will not have access through ISA unless you have some type of
allow-all rule configure in ISA.

If you choose to make that user a local Administrator, they had better be a
very cautious internet user, and you should have very good security
mechanisms in place (anti-virus/spyware etc).

How you choose to handle it should be whatever makes the most sense for your
situation. The users at my company are fairly unskilled with managing PCs,
so I do all the config and keep everything fairly locked down.

DS


"Neil Raffan" <reply to group> wrote in message
news:%23Lryv7SGHHA.1216@TK2MSFTNGP05.phx.gbl...
> So there is more to the procedure than that outlined in KB316418
>
> It would be correct to have to create a user member of MYDOMAIN with admin
> priviledges on the workstation?
>
>
> Regards
>
>
> "Cris Hanna" <crisnospamhanna@computingnospampossibilities.net> wrote in
> message news:C6E2F39D-2B16-412E-8B77-F3B282EDD8D4@microsoft.com...
>> Users must be a local admin on their workstation for workstation to run
>> scripts/install software.
>>
>> --
>> CRIS HANNA [SBS-MVP]
>> ---------------------------------
>> Please only respond in the newsgroup. Do Not Contact Directly.
>> MVPs do not work for Microsoft.
>> ---------------------------------------
>
>


Top

Re: XP Clients with SBS2000 by Neil

Neil
Wed Dec 06 17:47:52 CST 2006

Thanks Dave, I think I now understand a little of how it works.

I think that I was going wrong before by creating a local user account
during XP installation with the same name as the domain account. I tried the
KB316418 procedure without the local user account being defined, and it all
seemed to work OK.
Note that domain user accounts automatically have internet access by
default - or at least they do on my system.

Regards


"Dave Stoecker" <david_stoecker@hotCOFFEEmail.com> wrote in message
news:%23511EPVGHHA.1248@TK2MSFTNGP03.phx.gbl...
> Once the machine is joined to the domain, you need only to have created
> the domain user account on the SBS. Domain user accounts are then
> automatically members of the local Users group on the workstation.
>
> As your needs require, add that domain user to local groups on the
> workstation (such as Administrators, IF it is necessary for the user to
> install things). I would avoid that as much as possible and use other
> means to manage software etc. on the workstation (install as
> Administrator, use Group Policy software installation etc.)
>
> Since you have ISA, the domain user account (or domain group it is a
> member of as appropriate) will need to be added to the BackOffice Internet
> Users group on the server to have internet access, in most cases. A local
> user account will not have access through ISA unless you have some type of
> allow-all rule configure in ISA.
>
> If you choose to make that user a local Administrator, they had better be
> a very cautious internet user, and you should have very good security
> mechanisms in place (anti-virus/spyware etc).
>
> How you choose to handle it should be whatever makes the most sense for
> your situation. The users at my company are fairly unskilled with
> managing PCs, so I do all the config and keep everything fairly locked
> down.
>
> DS
>
>
> "Neil Raffan" <reply to group> wrote in message
> news:%23Lryv7SGHHA.1216@TK2MSFTNGP05.phx.gbl...
>> So there is more to the procedure than that outlined in KB316418
>>
>> It would be correct to have to create a user member of MYDOMAIN with
>> admin priviledges on the workstation?
>>
>>
>> Regards
>>
>>
>> "Cris Hanna" <crisnospamhanna@computingnospampossibilities.net> wrote in
>> message news:C6E2F39D-2B16-412E-8B77-F3B282EDD8D4@microsoft.com...
>>> Users must be a local admin on their workstation for workstation to run
>>> scripts/install software.
>>>
>>> --
>>> CRIS HANNA [SBS-MVP]
>>> ---------------------------------
>>> Please only respond in the newsgroup. Do Not Contact Directly.
>>> MVPs do not work for Microsoft.
>>> ---------------------------------------
>>
>>
>
>


Top