Re: Admin with no Rights to Active Directory
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 03/19/05
- Next message: Mr.Jingles: "Re: floating table header in Reporting Services"
- Previous message: Joe Richards [MVP]: "Re: Public Folder... set to EVERYONE DENY READ..."
- In reply to: DebraH: "Admin with no Rights to Active Directory"
- Next in thread: DebraH: "Re: Admin with no Rights to Active Directory"
- Reply: DebraH: "Re: Admin with no Rights to Active Directory"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 19 Mar 2005 03:49:13 -0500
You can't, anyone who can make changes to services, files, etc on a DC can seize
domain admin access rights and even Enterprise Admin rights. Do not let anyone
but domain admins log into DCs.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net DebraH wrote: > How do I make someone an admin but take away their rights to making changes > within Active Directory? I would like to give a support user the ability to > logon to Domain Controllers to troubleshoot DHCP, DNS and some applications > that run on the server, but I do not want them to have the ability to make > changes to Active Directory (create or delete OUs, delete admins etc). > > Thanks > dhodgkins61@comcast.net
- Next message: Mr.Jingles: "Re: floating table header in Reporting Services"
- Previous message: Joe Richards [MVP]: "Re: Public Folder... set to EVERYONE DENY READ..."
- In reply to: DebraH: "Admin with no Rights to Active Directory"
- Next in thread: DebraH: "Re: Admin with no Rights to Active Directory"
- Reply: DebraH: "Re: Admin with no Rights to Active Directory"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
