WSUS Administrators group and CleanUp error

Similar Messages

• Administrators group and Administrator account

  I'm setting up an Open Directory network and had some questions regarding the Administrator account and the Administrators Group:
  1. How do you add members to the Administrators group and how do you see who is a member?
  2. Do members of this group have full access to computers that are members of the domain (i.e., computer accounts listed in Server Admin). I've tried logging in as the Administrator on laptops that were joined to the OD domain, but I was not successful. I'm coming from an Active Directory background and the administrator can log into all domain computers. Logging into the OS X server as the administrator works.
  Thanks!

  Hi z-admin,
  Have you ever gotten the answer to this?
  My question is similar: if a user in OD is given FULL administration capabilities in OD, is he a "Mac domain administrator"? If not, how can I make my user a "Mac domain administrator", e.g. a person that can log into any Mac connected to my OD and be an administrator on that machine? Otherwise, I need to create a local admin on every Mac and this is a nightmare for any network administrator.
  Thanks!

• WSUS service failure and uninstall error 0x80070643

  Hello
  I recently had a drive fail in a RAID 1 array on a Windows Server 2008 Standard SP2 domain controller. The drive was replaced and the array successfully rebuilt the drive. Our domain comprises a Win2k8 DC (which WSUS is installed on), a W2k3 DC, a W2k8 Storage
  Server and various W2k, Win XP, Vista and W7 clients.
  WSUS3 SP2 is installed on this computer and had been working fine. After the drive was rebuilt WSUS stopped working. WSUS is organised as follows:
  The drive is divided into 3 partitions. C: contains the program files, D: contains the WSUS database and update files. E: is a system recovery partition.
  After the drive was rebuilt I had a problem connecting to the WSUS console. I am logged on using the domain administrator account. I restarted the server last night in the hope that it would solve this issue. After restarting, the problem persists. When
  I start Windows Server Update Services from Administrative Tools the centre pane shows a large red X and 'Error: Connection Error'. The option to 'Reset Server Node' results in the same error. The error, available from 'Copy Error to Clipboard' is:
  The WSUS administration console was unable to connect to the WSUS Server via the remote API.
  Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
  The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,
  Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.
  System.IO.IOException -- The handshake failed due to an unexpected packet format.
  Source
  System
  Stack Trace:
     at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
     at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
     at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
     at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
     at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
     at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
     at System.Net.TlsStream.CallProcessAuthentication(Object state)
     at System.Threading.ExecutionContext.runTryCode(Object userData)
     at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
     at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
     at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
     at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
     at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
     at System.Net.ConnectStream.WriteHeaders(Boolean async)
  ** this exception was nested inside of the following exception **
  System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send.
  Source
  Microsoft.UpdateServices.Administration
  Stack Trace:
     at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
     at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
     at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
     at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings)
     at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
     at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServerAndPopulateNode(Boolean connectingServerToConsole)
     at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.OnExpandFromLoad(SyncStatus status)
  The event logs show that the Update Services service started 7mins after the server was restarted. This is immediately followed by an event stating the Windows Update service had started. If fails soon after and is restared automatically twice to try to
  recover from the failure. 12 hours after the restart the Update Services service is still not running. It is set to Automatic (Delayed Start). The service is set to logon as 'Network Service'. The service can be manually started, but 'Resert Server Node' again
  results in the same error. After 4mins the service will stop. Event 7034 is logged:
  Log Name:      System
  Source:        Service Control Manager
  Date:          31/08/2011 09:05:50
  Event ID:      7034
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      Phobos.htlincs.local
  Description:
  The Update Services service terminated unexpectedly.  It has done this 4 time(s).
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
      <EventID Qualifiers="49152">7034</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2011-08-31T08:05:50.000Z" />
      <EventRecordID>230471</EventRecordID>
      <Correlation />
      <Execution ProcessID="0" ThreadID="0" />
      <Channel>System</Channel>
      <Computer>Phobos.htlincs.local</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="param1">Update Services</Data>
      <Data Name="param2">4</Data>
    </EventData>
  </Event>
  IIS and SQL are running fine as far as I am aware. I also have Sophos Enterprise Console installed which uses SQL to store it's data and that is working fine.
  After a bit of searching around the 'net I thought the easiest solution would be to uninstall WSUS, leave the database and update files in place and then re-install. I ran the uninstallation procedure from the Server Manager, but because the service is not
  running, and even after starting the service, uninstallation fails:
  Windows Server Update Services: Removal failed
     Error: Attempt to un-install Windows Server Update Services failed with error code 0x80070643.  Fatal error during installation
  I saw a reference to the online article located here:
  http://blogs.technet.com/b/sus/archive/2008/11/05/how-to-manually-remove-all-of-wsus.aspx but the article states it is out of date and I did not want to make a bad situation worse by following the instructions.
  Can anyone help me with this, please. Ideally, I would like to be able to keep the updates as downloading them again will consume a substantial amount of our monthly allowance. However, if the best thing is to remove the entire installation, then I will
  ahppily go with that, too.
  Thanks.

  I'm experiencing this issue, but haven't been able to resolve it with the steps in Lawrence's post (and, another thanks from me for another detailed post from Lawrence!)
  It's a 2008 box which had a relatively new WSUS install that just stopped working - not sure why.  Unable to figure out why it had stopped, I tried to Remove the WSUS role, but that failed with the error above.
  During the manual uninstall steps above...
  (1) Using Windows Installer Cleanup Utility only showed the Windows Internal Database, not WSUS.  I removed
  that.
  (2) Removed %ProgramFiles%\Update
  Services - other resources not present
  Reinstall has now failed with this error:  
  Windows Server Update Services 3.0 SP2 could not install Windows Internal Database. For more information, see the Setup log "C:\Users\NAME~1.ADM\AppData\Local\Temp\WSUSSetup.log".
  2012-10-23 20:57:53  Success   MWUSSetup          Detected that setup was launched through Server Manager
  2012-10-23 20:57:54  Success   MWUSSetup          Validating pre-requisites...
  2012-10-23 20:57:54  Error     MWUSSetup          Failed to determine if an higher version of WSUS is installed. Assuming it is not... (Error 0x80070002: The system cannot find the file specified.)
  2012-10-23 20:57:54  Error     MWUSSetup          WSUS is outdated. But this will not block setup (Error 0x00000000: The operation completed successfully.)
  2012-10-23 20:57:57  Success   MWUSSetup          Incompatible version of ReportViewer installed. Required ReportViewer version: 9.
  2012-10-23 20:57:57  Success   MWUSSetup          Incompatible version of ReportViewer installed. Required ReportViewer version: 9.
  2012-10-23 20:58:25  Success   MWUSSetup          Initializing installation details
  2012-10-23 20:58:25  Success   MWUSSetup          Skipping Asp.Net install since not running on win2k3...
  2012-10-23 20:58:25  Success   MWUSSetup          Installing wYukon using ocsetup
  2012-10-23 20:58:25  Success   MWUSSetup          Installing Windows Internal database using ocsetup with command line as "ocsetup "WSSEE" /quiet /norestart"
  2012-10-23 20:58:49  Error     MWUSSetup          The process ocsetup "WSSEE" /quiet /norestart returned error: 0x643 (Error 0x80070643: Fatal error during installation.)
  2012-10-23 20:58:49  Error     MWUSSetup          ExecCmd failed (Error 0x80070643: Fatal error during installation.)
  2012-10-23 20:58:49  Error     MWUSSetup          Install Windows Internal database: Failed to execute "ocsetup "WSSEE" /quiet /norestart" (Error 0x80070643: Fatal error during installation.)
  2012-10-23 20:58:49  Error     MWUSSetup          CInstallDriver::PerformSetup: Installation of wYukon failed (Error 0x80070643: Fatal error during installation.)
  2012-10-23 20:58:49  Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
  Would anyone on the thread have suggestions for what I might be able to do, to wipe the slate clean with the Internal
  Database on this box?  
  The WID is not used for anything else, but there is other production software installed, (using SQL - not relevant, just
  mentioning) and reinstalling the OS is not an option.

• The only user was removed from Administrators Group

  Hi Experts
  We are using Office 365 based Project Online and Project Server Security Mode was applied, also the Active Directory sync was switched to 'OFF' for Administrators Group in PWA. There was only one user which was in the Administrators Group and hence was the
  lone user to have access to Project Server 'Groups & Categories' section.
  Now I do not know how it happened, but the person logged into the PWA Site, went to Administrators Group and removed his name from the Group and clicked on Save.
  As soon as it happened the access right were removed from that user also Now no one has the access to 'Server Settings' page as an administrator. Hence all the admin work is stopped.
  My concern was is it possible that by any means can we add any user (or the same user) to the Administrator Group?
  Thanks
  Manish

  Hello,
  If no user has access to do this then the only option you have via the UI is to switch permission modes (to the SharePoint permission mode then back to the Project Server permission mode - this add the Company Administrators (global admins) the Admin group).
  Do bear in mind this will remove all of the users from the security groups and reset ALL security so probably not an ideal option. The only other option is to open a support query via your Office 365 tenant and see what Microsoft suggest..
  Paul
  Paul Mather | Twitter |
  http://pwmather.wordpress.com | CPS |
  MVP | Downloads

• Portal Error (A critical error...) after removing "Administrators" group

  Hello experts,
  I'm very new on the Portal topic and faced with an error on our portal environment (SAP ECC 6.0 and SAP Netweaver 7.01)
  I've created a custom role with some worksets, folders and SAP standard delivered iView inside.
  My portal dummy user is owner of this role. Furthermore he's assigned to the groups: "Everyone", "Administrators" and "Authenticated Users". The corresponding user in R/3 backend has SAP_ALL.
  When I log-on to portal it's working fine, iViews, etc. are properly loaded. But thanks to the "Administrators" group, the user can access the tabs "Content Administration", "System Administration" and "User Administration" which should be obviously not the case. When I remove the group "Administrators" from the portal user, the 3 tabs are not displayed anymore. Therefore the iView from my custom role are not loaded any more. I get an error message in main screen saying "Critical Error. A critical error has occured. Processing of the service was terminated. Unsaved data has been lost. Contact your system administrator".
  A colleague told me that it might be an issue on portal permission. I went via tab "System Administation" > "Permission" into the PCD and gave to my roles, folders and an example iView the following permissions:
  - Name: Everyone; Administrator: Full Control; End User: checked
  - Name: Authenticated Users; Administrator: Full Control; End User: checked
  As I've used Delta Links I gave these permission to the SAP delivered iViews, too. Unfortunately the error stays the same.
  Please advice what's missing.
  Thank you so much, Jessica

  Hi,
  Thanks for your reply.
  I started the NWA and went to Analysis > Debug > Logs and Traces.
  There is a fatal error stated but the explanation is not very detailed:
  Severity: fatal; Message: n/a; Category: /Applications/Xss; Location: com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent; Application: sap.com/tcwddispwda; Host: pesap57; Node: Server 0 26_91224
  The message is displayed twice (again: Severity: fatal; Message: n/a; Category: /Applications/Xss; Location: com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent; Application: sap.com/tcwddispwda; Host: pesap57; Node: Server 0 26_91224)
  These errors are not in the log when I add the Administrators Group.
  Thanks for your advice, Jessica

• Windows Administrators group privilege and behavior.

  Hi,
  I am trying to run the command remotely, net user username /domain , but it fails saying "System error 5". This behavior is seen as a domain user which is part of Administrators group, but not from any local administrators member.
  I need help on the following.
  1. I have seen that the Administrators group in Windows is very flexible. Any documentation links or samples how the privileges can be modified?
  2. How i resolve the "System error 5" when the net command is run remotely as a domain user part of Administrators.
  Thanks

  Hi,
  Here is a list about possible reason of this problem:
  There is a time synchronization problem.
  Permissions to access the remote computer (Share, NTFS, GPO) are missing.
  A firewall or third-party product may eliminate the connection to the remote computer.
  The computer account is disabled, has an expired password, or doesn’t exist in the domain.
  There is an Active Directory replication problem.
  Please access to the link below for more details and take its solution for reference:
  https://support.microsoft.com/en-us/kb/555644
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to export and import "Computer Groups" and "Patch approvals" in WSUS 4.0 ?

  Hi,
  I have a query regarding the export and import options for "Computer Groups" and "Patch Approvals" in WSUS 4.0.
  In WSUS 3.2 once we install WSUS 3.0 API Samples and Tools, we get "WSUSMigrationExport" and "WSUSMigrationImport" tools under
  C:\Program Files\Update Services 3.0 API Samples and Tools\WsusMigrate\ folder. 
  Using the 'WSUSMigrationExport' tool we can export the Computer Groups and the Patch Approvals in a XML file. And using the 'WSUSMigrationImport' tool we can import the 'Computer Groups' and the 'Patch Approvals' from that XML file into a different WSUS
  3.2 server. We can run the import tool as below:
  a. Run command prompt as administrator.
  b. In the command prompt, go to C:\Program Files (x86)\Update Services 3.0 API Samples ans Tools\ WsusMigrate\WsusMigrationImport
  c. Type WsusMigrationImport filename.xml TargetGroups None. Press enter; this will import Computer Groups to the WSUS 3.2 server.
     Type WsusMigrationImport filename.xml Approvals None. Press enter; this will import "Patch Approvals" to the WSUS 3.2 server.
  This is easy and useful.
  Now, for WSUS 4.0 I did not find  "WSUS
  4.0 API Samples and Tools". So I installed "WSUS 3.0 API Samples and Tools" in my WSUS 4.0 server. And tried to import a valid XML file in the above mentioned process. But the command returned an error.
  The error says the "Microsoft.UpdateService.Administration.dll" file was not found.
  I further searched in the internet about this issue and I found that the "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0 as the .net framework used in "WSUS 3.0 API Samples and Tools" is 2.0 and WSUS 4.0 uses .net Framework
  4.5.
  So, Here are my questions.
  1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  2. Is "WSUS 4.0 API Samples and Tools" available?
  3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  I need an urgent reply. Thank you in advance.

  Hi Tapojyoti,
  >>1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  Yes, WSUS 3.0 API Samples and Tools is not supported in Windows Server 2012R2 by default. We may try to rebuild it in Windows Server 2012R2. For detailed information about how the rebuiled, please refer to the readme document of the WSUS 3.0 API Samples
  and Tools.
  >>2. Is "WSUS 4.0 API Samples and Tools" available?
  No, I can't find the WSUS API Samples and Tools for 2012R2.
  >>3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  As I have mentioned above, due to WSUS 3.0 API Samples and Tools is released with source code, we can try to rebuild it in the Windows Server 2012R2.
  If it doesn't work, as a workaround, we can configure the new WSUS server as the replica server of the existing WSUS server. After the synchronization, change the server mode to stand alone.
  Best Regards.
  Steven Lee
  TechNet Community Support

• Project Online - Schedule PDP disappearing for some Project Owners and Project Server Administrators Group

  Current Project Online environment is currently setup with Project Server Permissions Mode. All projects follow a customized workflow that enables Schedule PDP on Planning Phase/Stage, among other rules. For some users the workflow and
  expected PDPs are working fine, but for other the Schedule PDP just disappears under unknown conditions, even if they are part of the Administrators Group. Has anyone come across these behaviour?
  Saludos!

  As you said they belongs to Admin group it means they have required permission still double check the permission assigned to the users.
  Also ask those users to try to log in form different system then check is issue is occurring. 
  If this issue is occurring for few users then this may be because of Browser. check the following :
  1. Open IE then internet options --> Security --> Trusted Site and add your PWA site. then check
  2. If still issue is occurring then click on F12 button then select browser mode as IE 9 then check.
  kirtesh

• Wsus query needed - get WSUS-Computers, belonging WSUS-Group and Not Installed Count

  Hi,
  i try to find a way by using basic WSUS powershell cmds in combination with piping in Server 2012 R2 to get all registered computers in WSUS plus belonging WSUS-Group and Update "Not Installed Count" as output.
  Is that possible?
  I tried multiple times and enden up in using posh - is there no way based on standard powershell commandlets.
  Thank you
  Peter

  Hi Michael,
  it seems that you are right :(. I tried out a few things with powershell (source
  http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/19/use-powershell-to-find-missing-updates-on-wsus-client-computers.aspx) - big problem is that i actually cant get belonging WSUS Group to Server object. I only are able to get all WSUS Groups
  but cant find the right sytax to get only belonging ones.
  Any ideas?
  Thanks
  Peter
  #Load assemblies
  [void][system.reflection.assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
  #Create Scope objects
  $computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
  $updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
  #Gather only servers
  $ServersId = @($wsus.GetComputerTargets($computerscope) | Where {
  $_.OSDescription -like "*Server*"
  } | Select -expand Id)
  #Get Update Summary
  $wsus.GetSummariesPerComputerTarget($updatescope,$computerscope) | Where {
  #Filter out non servers
  $ServersId -Contains $_.ComputerTargetID
  } | ForEach {
  New-Object PSObject -Property @{
  ComputerTarget = ($wsus.GetComputerTarget([guid]$_.ComputerTargetId)).FullDomainName
  ComputerTargetGroupIDs = ($wsus.GetComputerTarget([guid]$_.ComputerTargetId)).ComputerTargetGroupIds
  ComputerTargetGroupNames = ($wsus.GetComputerTargetGroups())
  NeededCount = ($_.DownloadedCount + $_.NotInstalledCount)
  #DownloadedCount = $_.DownloadedCount
  NotInstalledCount = $_.NotInstalledCount
  #InstalledCount = $_.InstalledCount

• WSUS - computers groups synchronization and updates view

  Hi Technet,
  I'm in front of stupid question I think but this is turning me mad.
     1) In my WSUS, I'm creating sub-groups in order to separate new Products and Classifications updates and to apply them to my test computers pool.
  Unfortunately, as you can see on my screenshot, these groups are empty.
  I've checked the GPO created for these tests and everything is settled as for our other WSUS GPO, which are well synchronized to our server.
  Here is the screenshot of GPO settings :
  Here is what I've tried :
  * Delete the computers group, recreated it and wait for 90 to 120 minutes for the DC to synchronize ---> Not OK.
  * Force the sync with gpupdate /force on WSUS server ---> Not OK.
  * Delete GPO and recreate them ---> Not OK.
  What is strange is that it's not the first time I'm using side targeting and all other Computers Groups I have are well working.
  Based on my first screenshot, my problem is on sub-groups under GVA_Test_Computers.
  Is there anything I can try to have them get computers ?
  2) For custom view I can create, (for example, I've created Office 2010 in the first screenshot) is it possible to keep them alive or do I have to recreate them everytime I'm connecting to the WSUS console ?
  Many thanks.
  TiGrOu.

  I'm not entirely sure that I'm understanding, but, it sounds like you are battling with multiple GPOs, each GPO is trying to set the same client-side-targeting registry key to a different value.
  If so, the "precedence" (link order) of the GPOs must be clearly understood.
  If a computer is applying multiple GPOs, and, if each GPO is setting the same registry key (but to a different value), the GPO with the lowest precedence will "win".
  This is not cumulative (the values do not append), the values are replaced each time a GPO is applied by the registry CSE.
  So, if you have a computer that is a member of several AD security groups, and each security group is the control for a GPO, only the lowest precedence GPO will be resultant. (effectively, the last GPO to execute/apply, will be the resultant winner).
  If you wish for this computer to have *all* of the client-side-targeting groups applied, you must construct a new security group and GPO, this will reflect the "merged" multiple-groups settings you desire.
  e.g. create and link a GPO named "WSUS_Group1Group2Group3" which sets the values to be "Group1; Group2; Group3" and create an AD group for that security filter. Ensure that this GPO is Precedence=1. Add the computer to this AD group.
  (1 is lowest, even though, visually, 1 is at the top of the list ;)
  http://blogs.msdn.com/b/muaddib/archive/2012/08/22/determine-gpo-precedence-with-gpmc-gpresult.aspx
  http://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
  (the terms "lowest" and "highest", in this MS concept, relate to the value of the number, not the visual positioning within GPMC)
  Or, have I misunderstood?
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Server 10.5.7 upgrade deleted all user and group Info -- Receiving error -1

  After upgrading our Dual 2.0 G5 server that was running 10.5.6 to 10.5.7 all groups and user information lost access. In addition when starting the workgroup manager error -14008 appears. Also when we look into the console log the following shows up
  ------------com.apple.launchd[1] (edu.mit.kadmind) Throttling respawn: Will start in 10 seconds
  over and over
  Any help would be greatly appreciated.

  I looked into A&I more, maybe it's not as nuclear as I thought. I presumed it meant I needed to reinstall all non-apple Apps, which means digging up disks and codes, none of which I have here. I'm away from home for another 4 weeks, which means doing that is difficult.
  Being away is also why my back-up is a little out of date, I didn't bring the time machine drive for that MBP with me. I had it shipped to me as soon as I had problems, but the back-up I'd have to roll back to is now 1-2 weeks old and might still have the funky user:group problems since my timezone problems began before the 10.5.7 update.
  I think DiskWarrior may of finally repaired the user:group issues. Not 100% sure but it's looking better. I just noticed that the primary user is admin but User is 502 and Group is 502. Whereas my secondary user account (also Admin) on that MBP User is 501 and Group is 20. My recollection is 20 is staff and both users groups should be 20.
  I'll look into A&I more, probably do it when I get home.
  Thanks.
  Message was edited by: jb510

• Member of Administrators group id's issue

  Hi Experts,
  Need your help in fixing the member of Administrators group id’s issue. All the member of id’s got corrupted attached screenshot for your reference.
  Thanks in advance.
  Note : We have done the domain rejoin multiple times, but issue is not resolved. Kindly help
  Regards!
  Pavan
  Thanks & Regards, Pavan

  Hi Ravi, Senne,
  Thanks for your info
  J
  It is not required to resolve the SID’s to find user name.. My issue is, when I type user account in administrators group it will be scattered and am unable
  to run any script in command, it gives me any error you don’t have administrator privilege. Even in administrator account also.
  Please help
  Ex: admin it will scattered to SID’s ---à(S-1-5-21-4039728811-1490228635-3033914438-10432592)
  Regards!
  Pavan
  Thanks & Regards, Pavan

• Builtin 'Administrators' Group for Server 2003 network isn't available for grant

  All,
  I'm working on a migration from Win Server 2003 to Win Server 2012. Our domain controllers are still both Windows 2003 machines. For this part of the migration, I'm dealing just with relocating some files from a 2003 file server. 
  While relocating a network share from a Windows Server '03 file server to a Windows Server 2012 file server, I found I was not able to grant the builtin "DOMAIN\Administrators" security principle access to the share. In fact, it's as if the group
  does not exist.
  On Windows Server 2003, on a folder you wish to share: Right-Click > Properties > Security > Add > Advanced
  Searching for "administrators" locates the group. The same steps from the Windows Server 2012 server does not.
  The 2012 server is on the domain and I'm searching the same domain tree in each case. I have also ensured that I'm searching every possible object type (via the "Object Types") button on the search.
  Other security principles are visible. For example, my own login is available, as are other security groups. In both cases, I am logged into the server as the domain administrator.
  Thanks!

  ...Hm. I can't add the built in Administrators group to another security group on the Windows Server 2003 domain controller.
  Edit: What I mean to say is, I run into the same problem. Attempting to add the builtin Administrators group to an already existing security group on the 2003 server leads to an error -- there is no Administrators group, according to the DC.

• Accounts used by application pools or service identities are in the local machine Administrators group.

  I am getting the Warning: "Accounts used by application pools or service identities are in the local machine Administrators
  group."
  Using highly-privileged accounts as application pool or as service identities poses a security risk to the farm, and could allow
  malicious code to execute.  The following services are currently running as accounts in the machine Administrators group: SPUserCodeV4(Windows Service) 
  OSearch14(Windows Service) 
  SPSearch4(Windows Service) 
  WebAnalyticsService(Windows Service) 
  I understand that the users running these Windows Services must not
  be a local administrator of the server. The user I have assigned for the aforementioned Windows Services are in the following Groups in the SharePoint Server:
  IIS_IUSRS
  Performance Monitor Users
  WSS_ADMIN_WPG
  WSS_RESTRICTED_WPG_V4
  WSS_WPG
  Which group must I remove the user from?

  Since I used the same account for all; I am getting the following error message:
  The server farm account should not be used for other services.
   the account used for the SharePoint timer service and the central administration site, is highly privileged and should not
  be used for any other services on any machines in the server farm.  The following services were found to use this account: SharePoint - 80 (Application Pool) 
  SPUserCodeV4(Windows Service) 
  OSearch14(Windows Service) 
  SPSearch4(Windows Service) 
  Web Analytics Data Processing Service(Windows Service) 
  Should I use another non administrator account for farm Administrator?

• Add Windows 7 local administrators group to another local group

  So I have the local group MyLocalGroup and I need to add the local Administrators group as member of MyLocalGroup
  I'm working with Windows 7 Professional with Windows Management 4
  I have tried:
  [ADSI]$LocalAdmonistratorGroup="WinNT://$Env:COMPUTERNAME/Administrators,Group"
  [ADSI]$MyUsersGroup="WinNT://$Env:COMPUTERNAME/MYLOCALGROUP,Group"
  $MyUsersGroup.Add($LocalAdmonistratorGroup.Path)
  Exception calling "Add" with "1" argument(s): "A member could not be added to or removed from the local group because the member does not exist."
  BUT:
  $LocalAdmonistratorGroup.Add($MyUsersGroup.Path)
  It's work! And MyLocalGroup is member of administrator.
  I have made some test and:
  1. A user can be added to any local group (ok)
  2. A local group can be member of any local group (ok)
  3. A group or a user can be added to local Administrators group
  4. If I try to add local administrators group as member of any other local group I receive the error!
  How I can add the Local Administrators group as member of another local group using PowerShell (with interface work)?
  Thanks,
  Lorenzo Soncini
  LSo Lorenzo Soncini Trento TN - Italy

  Hi Lorenzo,
  Nesting local groups (add a local group to the group membership of another local group on the same client )is not recommended.
  Refer to:
  Nesting of local groups is not supported on workstations or member servers
  If we execute this operation via Computer Management Interface, it will produce error.
  Some group authoring tools can add local Group To local Built-in Groups, however, our suggestion is to never nest local groups even when it is allowed by a group authoring tool like “net local group” because such nesting doesn’t reflect the group expansion
  constraints and the end results would be different from the expected results.”
  Refer to:
  Nested User Groups (Groups in Groups) / Built-in Local Groups Issue
  If there is anything else regarding this issue, please feel free to post back.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]