Congratulations to the winners of the March 2001 Windows 2000 Pro UPDATE Reader Challenge. Denise Papier of the United Kingdom wins first prize, a copy of "Admin911: Windows 2000 Group Policy," by Roger Jennings, a best-selling Win2K author. Carlos M. Carter of Stone Mountain, Georgia, wins second prize, a copy of "Admin911: Windows 2000 Terminal Services," by Larry Seltzer, a Win2K expert and frequent contributor to Windows 2000 Magazine. (I love going to Stone Mountain, which is right outside Atlanta, because there's a factory outlet for those wonderful pocketbooks, and, oh yeah, there's this fascinating geological dome, too.)

The Problem
My friend Sam called me this morning, and the panic in his voice was unmistakable. For several months, he's worked in the IT department of a major company, where his title and job description are rather nondescript. He often jokes that his business card should say "Go-fer, Grunt, and General Lackey." However, he's studying for certification and is hoping for a promotion to a job description a bit higher on the geek-level scale.

This morning's crisis was that Sam had been told to add a user named LarryR to several local computers in the accounting department and to give LarryR administrative rights on the local computers. LarryR is a new employee in the controller's office and needs access to local computers to use their printers (which aren't shared because they hold checks).

"I'm adding the new user in the Users and Passwords applet, but it's not working," Sam wailed. "Why isn't it working?"

"I need just a tad more information," I replied, and asked him the appropriate questions to gather the clues I needed to solve his problem. Here are three clues I collected. Can you come up with the solution?

  1. The computers are running Win2K Professional, logging on to a Win2K domain.
  2. Sam is logged on to the local computer as Administrator (his boss gave him the passwords).
  3. LarryR isn't a user in the domain.

Why can't Sam add LarryR to any of the local computers?

The Solution
Sam, using a certain amount of intelligent logic, headed for the Users and Passwords applet in the Windows 2000 Professional Control Panel. However, because the computers he was manipulating were logging on to a Win2K domain, the Users and Passwords applet couldn't add a new local user.

To create a new local user, Sam must open the local Computer Management snap-in. The quick way to accomplish this is to right-click My Computer, and choose Manage from the shortcut menu. In the Console pane, expand the System Tools object, if it isn’t already expanded (it usually is). Then expand Local Users and Groups. Right-click the Users object, and choose New User to open the New User dialog. Fill in the username (the logon name), the other user information, a password, and the appropriate configuration options. Click Create to finish creating this new user, and click Close to close the dialog box. The new user appears in the right pane. Double-click the user listing to open the user's Properties dialog, and go to the Member Of tab to add this user to the Administrators group.

Incidentally, if you start this task in the Users and Passwords applet, click the Advanced tab, then click the Advanced button to get to the Local Users and Groups snap-in.
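
The same result from the command line, as an added example that is not part of the original column: a batch file for the Win2K command prompt, run on each workstation while logged on as the local Administrator. LarryR is the account from the column; the variable and label names are this example's own.

```bat
@echo off
rem Added example, not from the original column.
rem Creates a LOCAL account and puts it in the local Administrators group.
setlocal
set NEWUSER=LarryR

rem Without the /domain switch, net user works on this computer's own
rem account database, even when the computer logs on to a domain.
rem Errorlevel 0 here means the local account already exists.
net user %NEWUSER% >nul 2>&1
if not errorlevel 1 goto addgroup

rem The * makes net prompt for the password, so it is never stored in this file.
net user %NEWUSER% * /add
if errorlevel 1 goto failed

:addgroup
rem net reports an error if the account is already a member;
rem the listing that follows shows the actual state either way.
net localgroup Administrators %NEWUSER% /add

rem List the group so the membership can be confirmed on this computer.
net localgroup Administrators
goto end

:failed
echo Could not create local user %NEWUSER% on %COMPUTERNAME%.

:end
endlocal
```

Running `net localgroup Administrators` on its own later is also a quick way to review who holds administrative rights on each of these computers.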

Interestingly (or annoyingly, depending on your point of view), if the Win2K computers were working stand-alone or in a peer-to-peer network (workgroup), instead of logging on to a domain, Sam could have added new local users with the Users and Passwords applet. After you configure a computer to log on to a domain, Win2K turns off the ability to add local users with this tool. However, in a stream of logic I don’t "get," even though you can't add users to the local computer in the Users and Passwords applet, you can easily add users to the domain. Personally, I consider this design "feature" to be illogical enough to qualify as a bug.