Re: Unauthorized user creating Computer accounts on AD
From: David Adner (davidadner_at_yahoo.com)
Date: 03/06/04
- Next message: Zuhaib: "Re: Active directory problem"
- Previous message: David Adner: "Re: Active directory problem"
- In reply to: Richard: "Unauthorized user creating Computer accounts on AD"
- Next in thread: Rytis: "Re: Unauthorized user creating Computer accounts on AD"
- Reply: Rytis: "Re: Unauthorized user creating Computer accounts on AD"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 05 Mar 2004 20:50:59 -0600
By default, all users can create up to 10 computer objects.
Richard wrote:
>
> Here's the deal: I work as a sysadmin for company where a
> user showed me how he was able to create a computer
> account on AD. Based on what he's told me, he's always
> been able to but he doesn't know why and how and no one
> else has the ability.
>
> He's neither a member of Enterprise Admin, Domain Admin,
> or Account Operators group.
>
> He's creating it where it's going into the default
> Computer Container in the root of the Active Directory and
> his account was not delegated any control.
>
> I checked his group membership and none of the groups he's
> a member of are within the administrative groups named
> above.
>
> I verified that he does not have admin rights in the sense
> that he could not access an administrative share on either
> the network or servers.
>
> What's going on???!!!
- Next message: Zuhaib: "Re: Active directory problem"
- Previous message: David Adner: "Re: Active directory problem"
- In reply to: Richard: "Unauthorized user creating Computer accounts on AD"
- Next in thread: Rytis: "Re: Unauthorized user creating Computer accounts on AD"
- Reply: Rytis: "Re: Unauthorized user creating Computer accounts on AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
