Re: Domain Admin group in ISA 2006
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Wed, 9 May 2007 09:01:47 -0500
If you can't trust the Domain Admins then the war is already over and you lost.
ISA would be the last thing you have to worry about.
Don't give people Domain Admin privileges if they can't be trusted at that
level,...there are *other* ways to delegate the abilities to do the work they
need.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
"Paul" <guardian911@xxxxxxxxx> wrote in message
news:uge24350avqp16omk1trbokq64dkd4112r@xxxxxxxxxx
I keep reading that one of the downsides of having ISA 2006 joined to the
domain is the fact that any domain admin can compromise the ISA array
configuration.
Isn't it easy enough to remove the Domain Admins security group from the local
administrator group on the ISA Server and subsequently remove Domain Admins
from having the ISA Server Full Administrator role?
Unless there is some Group Policy in effect, the Domain Admins should not be
able to add themselves back, correct?