I have my computer in a domain, and my account is in the Administrator’s group. Comodo Antivirus thinks I do not have admin rights. In order for me to properly install and scan, I have to logon with the local administrator account. Is this a known bug or is there a way to fix this problem?
Most likely your domain admin(s) has restricted your domain account. I’m in the same situation myself, and I’m forced to kill and restart the application with the Run as… command. Even though you have your domain account in the Local Admin group doesn’t necessarily means unrestricted rights
A real pain in the posterior as my company admins are way to ignorant to even fully comprehend the need for personal firewalls. I have to point out security flaws myself, and I don’t even work in that department… (:CLP)
start → right click “my computer”, click “manage”. Select Users and Groups, groups, administrators, and verify that your domain account is included in the local administrator group. As domain admin you have sufficient privileges to edit this token, and this will solve the problem once and for all.
Usually what I did when joining a PC to the domain was to use the “Network Identification Wizard” (found by right-click My computer, select Properties, switch to the Computer Name tab, and click the Newtork ID button).
The ends result is a PC joined to the domain and the addition of domains account(s) to the PC’s local security profile.
I’m probably just reinterating what svein mentioned… but offering a one-stop-config option for the future.
Having Local Administrator rights for your domain Account should under normal circumstances give you admin rights. But… and this is important, Domain Administrators or accounts with similar security level can infact restrict your domain account even though it has Local administrator security rights. This is called Group Policing and is enforced upon every domin account wether you like it or not. As long as your computer is part of a Domain or your user-ID is a domain account, the group policy will be employed at each log on. Period.
Domain admins can tweak the security even further using 3rd party applications, rendering your laptop completely useless outside your office network.
Just an FYI (:HUG)
You are absolutely right as I can remember. I think I understand, with your level you should be able to install CAV and if your settings are such, you should be able to without question, what it’s telling you is you don’t have this right. <<I don’t know your level of understandin in GP so forgive me, I don’t assume you to be dumb.>> That said, I would assume you have used gpedit to set your permissions correctly for even admin group? There are certain permissions even for admins groups that can be given or taken, they are not king of the hill so to speak. I assume full rights assigned? I haven’t dwelved into group policy for quite some time so excuse me if my terms or statements are off a bit.
Also, CAV may only look at the main admin account for registry reasons when installed although not sure but I know CPF protects the registry very well and perhaps CAV does the same and needs full admin rights to install? If you have such access to admin, and tried to install, then did it work?
The reason I know this is because I have such a domain account as the original poster has. And I meet this problem almost on a daily basis.
I can install programs just fine, but to install the license or even get upgrades require all security levels to be active for your account. Especially access to the more sensitive areas of your registry. Mine are not. I have to invoke my own personal local admin account, as this hasn’t been restricted by the domain policy or is under the influence by the domain policy (yet!). it’s a real pain in the royal posterior, but I can see the reason for doing this. My company has nearly 3000 employees, and some are bound to really mess up his computer from lack of knowledge. If you can do something to your computer, thereby rendering your computer useless, you can bet your butt that the same individual is gonna attempt it… :
And comicfan2000, to answer your question about using gpedit.msc.
I’ve used it extensivly, and most if not all personal edited settings will be overwritten at logon. There’s ups and downs to domain accounts. You’re treated exactly the same as everyone else. Even the secretary and the dude in the post-office has the same rights as you… which in my case is practically none (covertly executed).