Re: administrating workgroup from domain
From: Richard G. Harper (rgharper_at_email.com)
Date: 09/30/04
- Next message: Joseph Franco: "Router Problem Please help!"
- Previous message: Richard G. Harper: "Re: Remote Desktop Connection security"
- Next in thread: Mtek: "Re: administrating workgroup from domain"
- Reply: Mtek: "Re: administrating workgroup from domain"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 30 Sep 2004 07:01:18 -0400
I think you've got it. Let's pick on poor Bob as an example.
You have a domain account named "Bob". Bob is a normal domain user and has
no domain administrator rights. If you go to the Workgroup computer he
wants to connect to over the network and use the Local User Manager
(lusrmgr.msc) to add Bob's name and password to the Administrator group on
the local machine, he will be able to connect to it remotely and have
Administrator rights on the Workgroup PC, but still will have no Domain
rights other than Domain User.
-- Richard G. Harper [MVP Win9x] rgharper@email.com * PLEASE post all messages and replies in the newsgroups * for the benefit of all. Private mail is usually not replied to. * My website, such as it is ... http://rgharper.mvps.org/ * HELP us help YOU ... http://www.dts-l.org/goodpost.htm "Mtek" <jimlily2001@yahoo.com> wrote in message news:1CEE3F1D-A332-47F5-92DA-B625390960AC@microsoft.com... > Hmm. I may be dense, if I understand what you are saying. > > I could create an local account on my domain machine with no additional > rights buy regular users. > > Then create an local account on the workgroup machine with admin rights > with > the same local logon name as the domain machine. > > I could then log in locally on the domain machine connect to the workgroup > machine and have local administrative rights on the workgroup machine but > not > any domain rights. > > Or otherwords the workgroup machine cannot access any domain assets. Which > is what I want anyway. > > I do not have to change any local security settings to get complete local > access, and the workgroup is still isolated from the domain. > ? > > > "Richard G. Harper" wrote: > >> It doesn't work that way. You can connect to a workgroup PC with an >> account >> that is an administrator on that computer and get administrator access, >> but >> just because both accounts are administrators in their separate security >> spaces doesn't mean that rights transfer from one to the other. >> >> -- >> Richard G. Harper [MVP Win9x] rgharper@email.com >> * PLEASE post all messages and replies in the newsgroups >> * for the benefit of all. Private mail is usually not replied to. >> * My website, such as it is ... http://rgharper.mvps.org/ >> * HELP us help YOU ... http://www.dts-l.org/goodpost.htm >> >> >> "Mtek" <jimlily2001@yahoo.com> wrote in message >> news:9C008DEA-A321-437A-92E8-DAEB29F75E66@microsoft.com... >> >I am not work this work this week so I can't try this. But seeing as I >> >have >> > an local admin account on the workgroup machine and a local admin >> > account >> > on >> > the domain machine, shouldn't I be able to log in locallally on the >> > domain >> > machine then administrer the workgroup machine? >> > >> > "Richard G. Harper" wrote: >> > >> >> An administrator on a remote PC may not be an administrator on the >> >> local >> >> PC. >> >> The account names, passwords and rights must match between all clients >> >> for >> >> the same rights to be granted on the client computer. >> >> >> >> -- >> >> Richard G. Harper [MVP Win9x] rgharper@email.com >> >> * PLEASE post all messages and replies in the newsgroups >> >> * for the benefit of all. Private mail is usually not replied to. >> >> * My website, such as it is ... http://rgharper.mvps.org/ >> >> * HELP us help YOU ... http://www.dts-l.org/goodpost.htm >> >> >> >> >> >> "Mtek" <jimlily2001@yahoo.com> wrote in message >> >> news:E599F916-48DC-4DF7-AA11-5DBDE429D975@microsoft.com... >> >> > Shouldn't there be some way of validating an administrator on the >> >> > remote >> >> > machine locally? >> >> > >> >> > "Richard G. Harper" wrote: >> >> > >> >> >> You can't. The reason you can administer a domain is because the >> >> >> security >> >> >> settings are centrally held. On a workgroup each workstation keeps >> >> >> its >> >> >> own >> >> >> security settings. >> >> >> >> >> >> -- >> >> >> Richard G. Harper [MVP Win9x] rgharper@email.com >> >> >> * PLEASE post all messages and replies in the newsgroups >> >> >> * for the benefit of all. Private mail is usually not replied to. >> >> >> * My website, such as it is ... http://rgharper.mvps.org/ >> >> >> * HELP us help YOU ... http://www.dts-l.org/goodpost.htm >> >> >> >> >> >> >> >> >> "Mtek" <jimlily2001@yahoo.com> wrote in message >> >> >> news:A16B3922-0C13-4851-B53B-BCED601DDE4C@microsoft.com... >> >> >> > How can I set up a workgroup on our network that I can >> >> >> > administer(remote) >> >> >> > from my admin domain workstation? >> >> >> > >> >> >> > I would like to be able to have admin access as I do in the >> >> >> > domain. >> >> >> > But >> >> >> > still leave the workgroup/user not able to share/use domain >> >> >> > resources. >> >> >> > >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >>
- Next message: Joseph Franco: "Router Problem Please help!"
- Previous message: Richard G. Harper: "Re: Remote Desktop Connection security"
- Next in thread: Mtek: "Re: administrating workgroup from domain"
- Reply: Mtek: "Re: administrating workgroup from domain"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
