Re: "Access Denied" to local machine mgmt console

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "MandG" <gscanga@xxxxxxxxx>
Date: 20 Dec 2006 09:28:26 -0800

That's already in there by default by the fact that the Domain Admins group
is automatically part of the workstation's Local Admin group once the
workstation is joined to the domain. Domain Admins, and you don't need to be
an Enterprise Admin to be able to remotely control/connect to a workstaion
using RDP. If in a multi-domain scenario, the Domain Admin of each domain is
sufficient. Enterprise Admin is only for forest procedures, such as with
DHCP management and other forest specific stuff and not required for what
you are trying to do.

If I didn't understand what you are trying, please elaborate further. You
can also roll this out with a GPO using restricted groups.

Well this is a single domain/forest so then I guess I can simply ensure
that I'm a member of the Domain Admins group and not even worry about
the Enterprise Admin group.

You say that the Domain Admins Group is automatically included in the
local RDU group, correct? Will this be shown on a users local computer
(that the local RDU group includes the domain Domain Admin group) or is
this just an invisible inheritance?

Also, thanks for the tip on setting up a restricted groups GPO - I'm
configuring that now :-)

And lastly, I'm still not 100% certain on my original question about
not being able to manage computers through my W2k server DC - why does
it give me Access Denied?

.

Follow-Ups:
- Re: "Access Denied" to local machine mgmt console
  - From: Ace Fekay [MVP]

References:
- "Access Denied" to local machine mgmt console
  - From: MandG
- Re: "Access Denied" to local machine mgmt console
  - From: Hakan GOKCOL
- Re: "Access Denied" to local machine mgmt console
  - From: MandG
- Re: "Access Denied" to local machine mgmt console
  - From: Ace Fekay [MVP]

Prev by Date: Re: Restoration of Domain Controller on Different Hardware System
Next by Date: why do I want a domain controller and AD ?
Previous by thread: Re: "Access Denied" to local machine mgmt console
Next by thread: Re: "Access Denied" to local machine mgmt console
Index(es):
- Date
- Thread

Relevant Pages

Re: Programs and Group Policies
... and several other users with that are in the Domain Admins group on the ... Indicating that Domain Admins are in the local ... administrator security group. ... While logged on to the workstation as the local administrator any of the ...
(microsoft.public.windows.server.sbs)
Re: Prevent changes to Administrator password
... To add to what I already said: *ANY* member of a Domain Admins group *MUST* be trusted in what he does with his account. ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... * This posting is provided "AS IS" with no warranties and confers no rights! ...
(microsoft.public.windows.server.active_directory)
Re: W2K Pro Local Admins
... domain admins want back ... >> having Domain Admins group in the Local Administrators ... >> people that are local admins on every machine. ...
(microsoft.public.win2000.security)
RE: Domain Admins in NT 4 Domain
... Your account is no longer a part of the Domain Admins group in the NT4 ...
(microsoft.public.windows.server.active_directory)
Re: Sharepoint Permissions
... The only way it would make sense (apart from the user being a member of the ... was a member of the domain admins group. ... from the local admin group on the SQL server. ...
(microsoft.public.sharepoint.windowsservices)