My AD account gives me admin privileges on our PCs (allowing me to install software, add PCs to our domain, change network configuration, etc). But with a small handful of PCs (Windows 2000 and Windows XP) when I log in I only seem to have standard privileges.
It does accept my username and password so it must be talking to one of our domain controllers (can't be using cached credentials because it's the first time I'm logging into these PCs). I've tried pointing it to different domain controllers, but that doesn't make any difference.
I've tried refreshing group policy on the PCs, that completes without errors but doesn't make any difference.
I've tried moving the PCs into different OUs, including ones that other PCs work okay in, again it doesn't make any difference.
Asked my colleagues (who have similar accounts) to log in using their accounts. No difference.
What other things should I be checking?
I'd compare the local users/groups between a PC that works and one that doesn't. Specifically, I'd look into the local Administrator groups on a PC that works the way you expect, and see if there's a Domain group in there that isn't on the PCs that don't work correctly.
For example in our domain, domain administrators are under the group "Domain Admins" and then this group is added in the local "Administrators" group in every PC in the AD. This way every domain administrator is automatically a local administrator as well.