Add User or Group as Local Administrator on Domain Controller
Add User or Group as Local Administrator on Domain Controller
As a Systems Administrator, you might run into a situation where you need to add a user or service account as a Local Administrator on a Domain Controller. Unfortunately, Domain Controllers don’t have the Local Users and Groups databases once they’re promoted to a Domain Controller. Depending on what your needs are, you might be able to add the user or service account into the Domain\Administrators group within Active Directory.
This will allow the service account or user to read Event Logs and other administrative tasks.
Within Active Directory, search for your Builtin\Administrators group and add your service or user account into that group. If you have a Domain Trust setup, you can also add accounts from other trusted domains.
From an administrative command prompt, you can run net localgroup Administrators /add {domain}\{user} without the brackets.
You can, however, setup local administrators on Read Only DCs (RODCs) on Windows 2008 Domain Controllers and higher. This will grant local permissions to the server without granting advanced Active Directory permissions.
WARNING: Adding a service or user account to the group above will grant the account permissions to make changes in your Active Directory environment, not just the local Domain Controller server.
Remove Compatibility Mode settings from the registry
Compatibility Mode setting can cause problems when you try to install application
- Right click a application shortcut (on the desktop, on the Start menu, etc.) or right click on application.exe in local folder in Program Files or in Program Files (x86)
- Choose Properties and click the Compatibility tab
- In this tab, remove any and all check marks
Specifically for this issue, you should remove the check from the box next to Run this application in compatibility mode and click OK.
Another way - another way to delete the entry in the registry
- On the keyboard, press (the Windows key)+R to open Run
- In the Run dialog type: regedit and click OK, which will open the Registry Editor
- Click Yes in the User Account Control dialog (if necessary)
- Browse to:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers - Click Layers to select it
Note: You may want to look in the right pane to see if things besides application are listed and you may need to expand the Name column to see the path (this is usually C:\Program Files\...\application.exe); if multiple items are listed, click just the application one to select it - Press Delete on the keyboard
- Click Yes in the Confirm Key Delete dialog.
Pages that help you locate an IP address or domain:
Pages that help you locate an IP address or domain: