Re: 2003 AD intergration with local Administrator Accounts on xp/win2k

From: Brian Desmond [MVP] (desmondb_at_payton.cps.k12.il.us)
Date: 01/22/05

Next message: Brian Desmond [MVP]: "Re: DHCP server authorization - how does it work?"
Previous message: Brian Desmond [MVP]: "Re: Error when trying to add another domain controller to domain"
In reply to: Josh Davis: "2003 AD intergration with local Administrator Accounts on xp/win2k"
Next in thread: Cary Shultz [A.D. MVP]: "Re: 2003 AD intergration with local Administrator Accounts on xp/win2k"
Messages sorted by: [ date ] [ thread ]

Date: Fri, 21 Jan 2005 23:52:25 -0600

1. The restricted groups feature of Gp makes this easy to implement on a
large scale. Just define the Administrators group and put everyone you want
in there (inc domain admins, local administrator account)

2. Yes, essentially. In AD, a workstation and a member server account are
identical, really.

-- 
--Brian Desmond
Windows Server MVP
desmondb@payton.cps.k12.il.us
www.briandesmond.com
"Josh Davis" <none@nospam.net> wrote in message 
news:4283v0pi87l92fu4uufve9cq0cdrjm7vu5@4ax.com...
> Hi all we are migrating from NT4 to a windows 2003 server.
>
> My users are all engineers that have local accounts on their pc's
> each local account has full Administrator access so they can do
> whatever they want with their pc. Currently their pc;s are configured
> to work in a workgroup.
>
>
> I would like all of these end users to be a part of our new domain.
>
> A couple of questions come to mind.
>
>
> 1 How can AD be configured so that the user logging into the
> domain has full control of their local pc but not admin access
> of the actual domain.
>
>
> 2 Would I be correct in assuming that in the AD Scheme of things
> that when a pc logs onto a AD that they are really becomming a
> member server of the domain just like the method used for
> adding say a workstation/server to a NT Domain
>
>
>
> Thanks for your insight and assistance.
>
> Josh.
>
>

Next message: Brian Desmond [MVP]: "Re: DHCP server authorization - how does it work?"
Previous message: Brian Desmond [MVP]: "Re: Error when trying to add another domain controller to domain"
In reply to: Josh Davis: "2003 AD intergration with local Administrator Accounts on xp/win2k"
Next in thread: Cary Shultz [A.D. MVP]: "Re: 2003 AD intergration with local Administrator Accounts on xp/win2k"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: User Rights in TS
... recommends that any user be logged in as an administrator on the ... We don't use Group Policy yet. ... you should be running Terminal Services on a dedicated member server ... their own inherited user policy settings). ...
(microsoft.public.windows.terminal_services)
Re: Re: How to allow any domain user to logon to a XP Pro PC
... Server or advanced server and you create a domain by using DC promo ... (goes with logon hours). ... Local accounts should be limited to only those that need to be there - ... ie best case scenario -- local administrator. ...
(microsoft.public.windowsxp.security_admin)
Re: Cant logon to local machine (this computer) as administrator
... Then I could get in to the local machine as administrator. ... I later cleaned up the mess by stipulating in each client. ... >> can not log into thier local accounts anymore. ...
(microsoft.public.win2000.security)
Re: Must be going Mad
... When I checked the event viewer I discovered that ... the machine's computer account could not be found. ... > your DNS setup isn't functioning correctly and the member server isn't ... >> Administrator is not a member of Administrators only Builtin/Users. ...
(microsoft.public.cert.exam.mcsa)
Re: Changing from workgroup to domain
... for password I type the username and pass with administrator ... We have 3 windows XP workstations members of the domain where the ... I created a user that is in Administrators group on the member server ...
(microsoft.public.windows.server.networking)