Re: Local user privileges
- From: "Mark Heitbrink [MVP]" <spam-only@xxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 16 Sep 2005 14:59:26 +0200
Hi,
Angel Massa schrieb:
> When I looked at an user account both local and domain accounts where set as
> administrator for the local machine. I think this is not good as a user
> should not have administrator privileges ever his local machine.
This is not the default behavior.
If you look at the user object in AD, which security groups
is the user member of?
Lock in as administrator and remove the dom-user from the local
administrator group. Lock in as user, if he is admin again, then
there is something that takes efect on the default behavior.
In a GPO you can manipulate this via restricted groups.
You mus configure this manually to change the default behavior,
thats why I think, taht there is no entry.
Mark-
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
.
- Follow-Ups:
- Re: Local user privileges
- From: Angel Massa
- Re: Local user privileges
- References:
- Local user privileges
- From: Angel Massa
- Re: Local user privileges
- From: Mark Heitbrink [MVP]
- Re: Local user privileges
- From: Mark Heitbrink [MVP]
- Re: Local user privileges
- From: Angel Massa
- Local user privileges
- Prev by Date: Re: Pop-Up Blocker Policy
- Next by Date: RE: Windows Firewall Program Exception List
- Previous by thread: Re: Local user privileges
- Next by thread: Re: Local user privileges
- Index(es):
Relevant Pages
|
