Okay, what folks usually do on an NT domain network is this:

- Everyone on the network has regular "User" privileges. They are all members of the Domain Users group.

- On a local NT box, they can add their domain user account into that box's local Administrators group so that they have regular User privileges on the network, but Administrator privileges over their local box.

- For instance, let's say our domain is named "Domain". Suppose there is an account of "Domain\JoeBlow" in the Domain Users. When he sets up a new NT box named "JoeBlowsComputer", he logs in temporarily as "JoeBlowsComputer\Administrator" and adds "Domain\JoeBlow" to the Administrators group on JoeBlowsComputer. So later, when he logs into the box as "Domain\JoeBlow", he can install software etc., while still having regular privileges on the network.

- This procedure is done in the Windows NT "User Manager", which in 2000/XP is now the "Local Users And Groups" MMC snap-in, but it's essentially the same tool.

- Note that to do this procedure, he doesn't need to be a Domain administrator. His box needs the trust relationship with the domain, but let's assume that's already been done. He only needs to be a local administrator in order to modify the local box's security accounts.

All right. All well and good, and this all works as it's expected to work for NT and 2000.

But just now I ran into the most irritating bug in XP, and it made me so angry that I had to share it.

In XP, if you try to add "Domain\JoeBlow" via the "Local Users And Groups" snap-in, it gives you all sorts of strange errors in this situation. Complains that you can't log in twice, you don't have permissions to do that, etc. A bunch of stuff is grayed out, it won't let you see the list of users in "Domain", etc.

One of my users spent a couple hours this morning trying to get this to work. I sat down at her XP computer and verified she was doing everything right. At least, she would have been doing everything right if this were NT or 2000. But XP was f*cked up six ways from Sunday.

Then, on a whim, instead of picking the "Local Computer Management" icon and choosing "Local Users And Groups", I picked a different icon related to user management, buried somewhere in that new incomprehensible menu of theirs. I assumed it would bring up the same old "Local Users And Groups" snap-in. It didn't. Instead, up came a wizard-like interface which asked me if I wanted to add a user. I said yes, picked the user from a list for the domain (the list that the other screen refused to give me), told it to add it to the local Administrators group, and bingo, there it was.

Son of a bitch. And to add insult to injury, that user now properly appears in the "Local Users And Groups" snap-in, which is what I was trying to make it do from the beginning. Literally, this stupid AOL-OS wizard-thingy let me do the exact same thing that the MMC snap-in wouldn't let me do. The EXACT same thing.

I hate XP.
_________________________
Tony Fabris
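
The group change described in the post can also be made and checked from a script through the ADSI WinNT provider. This is an added example, not part of the original post. It assumes PowerShell is installed, the session is running as a local administrator on the box, and it reuses the post's example name "Domain\JoeBlow".

```powershell
# Added example. Names are the post's own illustration values.
$Account  = 'Domain/JoeBlow'      # the WinNT provider uses a forward slash
$Computer = $env:COMPUTERNAME     # the local box, e.g. JoeBlowsComputer

# Bind to the local Administrators group on this machine.
$group = [ADSI]"WinNT://$Computer/Administrators,group"

function Get-LocalAdminMembers {
    # Return the ADsPath of every member, e.g. WinNT://Domain/JoeBlow
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

$target = "WinNT://$Account"

# Only add the account if it is not already a member (-contains ignores case).
if ((Get-LocalAdminMembers) -contains $target) {
    Write-Output "$Account is already in Administrators on $Computer"
} else {
    $group.Add("$target,user")
    Write-Output "Added $Account to Administrators on $Computer"
}

# Verify the result, then list every member that is not a local account
# so the domain accounts holding local admin rights can be reviewed.
if ((Get-LocalAdminMembers) -notcontains $target) {
    Write-Warning "$Account is still missing from Administrators"
}
Get-LocalAdminMembers | Where-Object { $_ -notlike "*/$Computer/*" }
```

The last line is useful on its own as a periodic check of which domain accounts hold administrator rights on a workstation.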