Re: Domain adm X local adm
From: Thiago Zanolo Mainente - Jornal Regional (zanolo2_at_bol.com.br)
Date: 08/11/04
- Next message: zSplash: "Zip file with different extension"
- Previous message: zo_at_zorqanerx.pbz: "Re: Domain adm X local adm"
- In reply to: zo_at_zorqanerx.pbz: "Re: Domain adm X local adm"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Aug 2004 12:14:56 -0300
there was no one int Domain admins, so no one can add new hardware. I have
to manually add at every workstation the user who will add new hardware. We
have a lot of workstations, and the same guy will add hardware to every
workstation.
So I put these guy into Domain Adminins and now he can add new hardware and
software easily.
Does he can do some changes at my domain, like make changes ad AD, florests,
DC, or others things. Because I want that he has full administrative power
only at the worstations...
"Michael Bednarek" <ROT13(zo@zorqanerx.pbz)> escreveu na mensagem
news:hd2jh0tfsbeufkd5j4eu23e9aaqeiagd87@4ax.com...
> On Tue, 10 Aug 2004 17:46:31 -0300, "Thiago Zanolo Mainente - Jornal
> Regional" <zanolo2@bol.com.br> wrote in
> microsoft.public.win2000.new_user:
>
> >Thanks to all. I put some users into Domain adminins and works perfect.
>
> What? Are you serious?
>
> You stated originally that the Domain Administrator couldn't install
> hardware at local PCs. How is granting Domain Users the privileges of
> Domain Admins going to solve that situation?
>
> As I said before, Domain Admins should be members of the local
> Administrators group. If that is not the case in your environment, you
> should investigate why not, and rectify it, probably in a login script
> along the lines of:
> NET LOCALGROUP ADMINISTRATORS /ADD "Domain Admins"
>
> I suggest you think about the consequences of making any domain users
> members of Domain Administrators. I run a fairly permissive network here
> with only a few and rather educated and responsible users, but it would
> never occur to me to grant any of them Domain Admin rights.
>
> >"Thiago Zanolo Mainente - Jornal Regional" <zanolo2@bol.com.br> escreveu
na
> >mensagem news:%23Fo7mrtfEHA.3040@TK2MSFTNGP10.phx.gbl...
> >> First thanks to all!
> >>
> >> The diference between domain adm and local adm is:
> >> - domain adm: can create domain accounts, create OU, changes at dns,
dhcp,
> >> wins, he can do everything.
> >> - local adm: (from workstations) can add new hardware at his
workstation,
> >> change conecction parameters, etc.
> >>
> >> So, if I have 100 workstations will I need to create at every
workstation
> >a
> >> locall account with adm power? Its because here were I work the
> >> adminstration account of my domain can log at every workstation but it
> >can`t
> >> change hardware. The domain adm doesn`t have local adminstration power.
> >>
> >> How can I resolve it?
>
> --
> Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
- Next message: zSplash: "Zip file with different extension"
- Previous message: zo_at_zorqanerx.pbz: "Re: Domain adm X local adm"
- In reply to: zo_at_zorqanerx.pbz: "Re: Domain adm X local adm"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
