Re: Local Logon To Domain Controller
From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 03/08/04
- Next message: Chriss3: "Re: Local Logon To Domain Controller"
- Previous message: Chriss3: "Re: My Documents Redirection question"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: Local Logon To Domain Controller"
- Next in thread: Herb Martin: "Re: Local Logon To Domain Controller"
- Reply: Herb Martin: "Re: Local Logon To Domain Controller"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 8 Mar 2004 12:06:31 -0500
anonymous@discussions.microsoft.com wrote:
<snip>
>> Not quite as simple as that. I have guys in place who
> need admin rights on the client pc's, but I don't want
> them to be able to logon to the server. These guys are
> members of the "powerful groups though" and need to be.
Create a "LocalAdministrator" group in AD. Add it to all the local
workstation Administrators groups. Add the appropriate parties to the
"LocalAdministrator" group, and make sure they don't have any domain admin
rights, etc etc etc. Voila - local admin rights, no monkeying around
elsewhere.
- Next message: Chriss3: "Re: Local Logon To Domain Controller"
- Previous message: Chriss3: "Re: My Documents Redirection question"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: Local Logon To Domain Controller"
- Next in thread: Herb Martin: "Re: Local Logon To Domain Controller"
- Reply: Herb Martin: "Re: Local Logon To Domain Controller"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
