Macs loosing their admin group

[Bill-G]

Has anybody else seen an issue where the admin group (group 20) on a Mac bound to AD either vanishes or the plist file is empty?

The net result is that any local administration account is only a standard account and cannot be made admin again. Also if you are applying MCX policies the Mac may start acting as if parental controls are in effect and tends to prevent you opening much.

This may or may not be linked with the Mac’s AD bind getting corrupted so that if you unbind and attempt to rebind you are told that the AD admin account has the wrong password etc.

The Macs in question are running 10.5.6 / 10.5.8 and are bound to Win 2003.

I can fix it by replacing the admin.plist with a vanilla copy and if the bind has gone away by deleting /var/db/dslocal/nodes/Default/config and /Library/Preferences/DirectoryService but I really would like to stop it happening in the first place

[Lindsay Robertso]

OK, im having a problem with computers that are bound to AD having local admin accounts suddenly become managed.
But its 10.6.7 and win 2008 server

No idea how to stop it happening

l.

[Author]

Posts