Re: Local Logon To Domain Controller
From: Chriss3 (noSpamHere_at_chrisse.se)
Date: 03/08/04
- Next message: Simon Geary: "Re: Policy group"
- Previous message: Lanwench [MVP - Exchange]: "Re: Local Logon To Domain Controller"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: Local Logon To Domain Controller"
- Next in thread: Herb Martin: "Re: Local Logon To Domain Controller"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 8 Mar 2004 18:16:52 +0100
Stuart please tell us more about your needs, so we can provide the best
solution. That dose this administrators out to PCs have to do? and that kind
of rights are required?
(With out know much about your environment)
The follow solution may can be of use for you. You may create a group called
PC Admins or what ever you want. And assign this PC Admins group as local
administrators for the computers. This can be done within a Group Policy by
take use of the Restricted Groups at the follow location:
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
If you have to delegate control of objects in an Active Directory to threes
PC Admins I'm strongly recommend you to use Delegation of Control Wizard:
Step-by-Step Guide to Using the Delegation of Control Wizard:
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/delegsteps.asp
Please feel free to post :) Have nice day!
-- Regards Christoffer Andersson No email replies please - reply in the newsgroup <anonymous@discussions.microsoft.com> skrev i meddelandet news:90a601c4052d$a41e1a80$a401280a@phx.gbl... > > >-----Original Message----- > >"Stuart Brown" <stuart.brown@east-ayrshire.gov.uk> wrote > in message > >news:8e4d01c4052b$ec6d1180$a301280a@phx.gbl... > >> Hi, > >> > >> I have a Domain running in one of my schools and I want > >> to "prevent" network users from being able to logon to > the > >> Server (Domain Controller) machine itself. > > > >The default already takes care of that -- on > the "powerful" groups, > >like Admins, Backup, Account, Server and Print operators > have the > >logon locally on DCs. > > > >> I want it so that only the "Domain Administrator" > account > >> can logon to the server as only me and my colleagues > have > >> this password. > > > >You could take it away from the other "powerful" groups > but > >that is seldom necessary. > > > >> Any ideas on how to do this would be greatly > appreciated. > > > >It's done -- wasn't that quick? <grin> > > > >-- > >Herb Martin > >> > >> Thanks very much > > > > > >. > >Not quite as simple as that. I have guys in place who > need admin rights on the client pc's, but I don't want > them to be able to logon to the server. These guys are > members of the "powerful groups though" and need to be.
- Next message: Simon Geary: "Re: Policy group"
- Previous message: Lanwench [MVP - Exchange]: "Re: Local Logon To Domain Controller"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: Local Logon To Domain Controller"
- Next in thread: Herb Martin: "Re: Local Logon To Domain Controller"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
