Re: Admin OU password change
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 04/01/04
- Next message: Chriss3: "Re: Software Deployment with GPO"
- Previous message: Chriss3: "Re: Enterprise Admins in Child Dc"
- In reply to: Danny: "Re: Admin OU password change"
- Next in thread: anonymous_at_discussions.microsoft.com: "Re: Admin OU password change"
- Reply: anonymous_at_discussions.microsoft.com: "Re: Admin OU password change"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 1 Apr 2004 13:19:41 -0500
Danny,
I do not understand how can the IT Department not be high enough up the
chain of command to be held responsible for something so important as
passwords? This thought process makes absolutely zero sense to me. Do
these supposedly intelligent people have any idea what the IT department
does / can do / is responsible for doing?
I might have a difficult time working in a situation where the thought
process at any company is that the IT Department can be filled by any monkey
off of the street. That usually speaks volumes as to the type of company it
is.
Or am I completely misunderstanding this? I do indeed understand politics.
I worked in the Entertainment Industry in Beverly Hills for 2 1/2 years
before moving to the East Coast. Lots of little tiny lap dogs yapping
"YES!" all the time to the boss.....
Cary
"Danny" <nonya@nonya.com> wrote in message
news:tsko60d0vlli47m1qcmbk0q1egqvhda2gs@4ax.com...
> I had to think about this... a LOT..
>
> Small office. Business manager or other administrative person. Boss
> decides that this person is in charge of passwords for the entire
> domain because IT isnt far enough up the chain of command to be held
> responsible for something as important as passwords.
>
> That may not be his reason, but it could happen...
>
> It's along the same vein as not being allowed your bosses password
> (for security reasons) but yet you are an AD admin and could change it
> in 10 seconds.
>
> Politics are fun.
>
> Danny Messano
>
> On Thu, 1 Apr 2004 07:45:01 -0500, "Cary Shultz [A.D. MVP]"
> <cwshultz@mvps.org> wrote:
>
> >Mathias,
> >
> >What 'Admin OU' do you mean? Have you created an OU called 'Admin' and
then
> >placed all of the user account objects which are a member of the 'Domain
> >Admin' group ( or similar ) in that OU? Now you are trying to delegate
to
> >a 'regular' user account object the ability to change the passwords for
> >these 'Admin' user account objects?
> >
> >If this is the case then I might suggest that you re-think what you are
> >doing! And very quickly. Do you really want a 'regular' user to be able
to
> >change the passwords for all of the 'Domain Admins'? Now that person
could
> >access just about everything ( and the things that he/she could not
access -
> >due to the necessity of being an Enterprise Admin or a Schema Admin -
could
> >very quickly be accessed with one or two very quick and easy changes! ).
> >
> >HTH,
> >
> >Cary
> >
> >
> >"Mathias" <anonymous@discussions.microsoft.com> wrote in message
> >news:16b2501c417a4$3e061d40$a401280a@phx.gbl...
> >> Hi,
> >> I was wondering whether it were possible to delegate
> >> control to a non-administrative user to reset passwords
> >> in the Admin OU? I've got the rest of the OU's sorted
> >> but this is proving to be a real thorn in my side,
> >>
> >> Thanks,
> >> Mathias
> >
>
- Next message: Chriss3: "Re: Software Deployment with GPO"
- Previous message: Chriss3: "Re: Enterprise Admins in Child Dc"
- In reply to: Danny: "Re: Admin OU password change"
- Next in thread: anonymous_at_discussions.microsoft.com: "Re: Admin OU password change"
- Reply: anonymous_at_discussions.microsoft.com: "Re: Admin OU password change"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
