Windows 2000 server and networking

[jardaine1138]

alright, i hope that someone can help me with this

i am incharge of a medium sized network and i am trying to work out the glitches in the system.  i am curently running server 2000 and everything is going well but before i switch over to a domain i want to be sure that i have every thing set up the way i want it.  the first problem i encountered is that anyone on the network has to log off and then log on to their own computer in order to administrate their computer.  this is a problem because every computer on my network is configured by the user in order to facilitate the learning process.  anyway, i want to setup my domain so that everyone on the domain can administrate their own computer without having to log off and back on.  the only way i have found to do this is to add eveyone to the "domain admin" group and the problem with doing that is that then they can do the same thing to anyone's computer with no restrictions, they would even be able to log onto other people's computer with full access without a password.  which defetes the hole notion of security.  can anyone give me some hint or clue?

[query]

Add their network login (domain\username) to the local administrator group on their individual PC.

Are you running this in Active Directory native mode, or in mixed (NT compatible) mode?  If you're in Active Directory mode, you can use a group policy that allows the user to administer whichever machine(s) you want them to be able to administer, without having to run the lusrmgr (local user administrator) on the individual PCs.

[jardaine1138]

Thank you,

That helped a lot but I am still having problems in other areas I don't suppose you would be willing to give me a hand with some of them.

First of all I tried to connect another computer to my domain and I keep getting errors when logging on. Both of them are roughly the same, the first being that I can't create a user profile on the domain server. The other is the same error but in regards to a local profile.  I don't understand why the local profile isn't being created because I have gone in on several occasions and reset the security on the C: drive and made sure that the permissions were being inherited and that they were set to everyone but I still get the error.  The first error is due to the settings on the Domain controller.  I set it up (or thought I set it up) to tell the computer logging on to save it's user profile on the domain controller but on this c........  i just realized that I told the computer to save it's profile on the local D:\Users\  folder....oops.

Another area that I am grey on is drive mapping via scripting, I was told that if I wanted to have every one map their last drive to their user folder on the file server that I would have to create a batch script.  but I am not sure how to create a batch script.  It kinda makes it tough.  the person said that it should contain something like the directory of all the user folders and then logon or username with logon/username equaling that user's name which is the name of the folder.  but I am underqualified to do this without help or a tutorial

[query]

What mode of networking are you using (mixed mode or native Active Directory)?

[The Arg]

Okay, I'm a fellow member of jardaine's class, and it is now my turn to take over the class network, which means I have had to start from scratch with my two assistant admins.  I have run into the same problem that jardaine did, except tat I'm using Server 2003 instead of 2000...

I have tried going into the local computer and setting their network login as an admin on their local system, but I haven't found a context for the name that would work, and jardaine is being very tight-lipped.  Can anyone let me in on what the exact naming convention would be to do this?  And I'm using a native active directory, I believe, so would it be possible to set it up that way, through the group rights?  If so how?

Update:  I've found where to set the net logon as a local administrator, but whenever I try to do so, I get a message saying that the domain either doesn't exist, or can't be reached.  But the PDC is up and operational, and I'm logged into the domain... can anybody think of what the problem might be, and how it might be fixed?

Any help would be appreciated