Re: Default Share access only for domain administrator (XP Professional SP2)

From: "Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m>
Date: Mon, 8 Jan 2007 09:14:39 -0800

Have you added "domain users" or any other domain groups to the local administrators group? If the users have local administrator rights (i.e. they are a member of a domain group that is a member of the local administrators group) they will be able to access the admin shares. There is no easy way around this and still let domain admins have access. You have to remove all the domain groups except domain administrators from the local administrators.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

<siciliano@xxxxxx> wrote in message news:1168274485.492703.203030@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi Kerry

Are you talking about the hidden admin shares (eg C$)?
yes, exactly

Either all users are using the same account or all users are domain admins.
I don't hope so ;-)

Are the shares on the server or workstations?
workstations

Leonardo

References:
- Default Share access only for domain administrator (XP Professional SP2)
  - From: siciliano
- Re: Default Share access only for domain administrator (XP Professional SP2)
  - From: Kerry Brown
- Re: Default Share access only for domain administrator (XP Professional SP2)
  - From: siciliano

Prev by Date: Re: Default Share access only for domain administrator (XP Professional SP2)
Next by Date: Re: Quick VPN setup?
Previous by thread: Re: Default Share access only for domain administrator (XP Professional SP2)
Next by thread: How to stay in a workgroup but also be apart of a domain
Index(es):
- Date
- Thread

Relevant Pages

Re: problem with logon on a windows 2000 or XP client machine
... member of the local users groups. ... the local administrator group on the computer), I get my desktop and I ... When I add the domain users ... to the local administrators group and log in with a domain user ...
(microsoft.public.win2000.security)
Re: Please help with folder permissions
... All the domain users are a member of the local administrators group. ... If I remove domain users from local administrators it all works fine! ... The user becomes the owner not the local admin group. ...
(microsoft.public.win2000.security)
Re: How2: User Rights on Domain but Admin Rights on Computer
... You can add domain users to the local Administrators group with ... Mathworks MATLAB for example install their services. ... able to run it even if he is just a member of domain users group. ...
(microsoft.public.windows.server.security)
Re: Login Script
... > If userA is a member of DOMAIN USERS and is a LOCAL ADMINISTRATOR to ... >>> a helpdesk person) to not be a member of "Domain Admins", ... LOCAL ADMINISTRATORS group with below code in FIGURE 1, ...
(microsoft.public.win2000.active_directory)
Re: How to make a AD group member of the local administrators grou
... Can I use your script and replace the user ingo with the group info or do ... ' Check if group already a member. ... group is still a member of the local Administrators group). ... And we need two domain groups to be member of the local administrators ...
(microsoft.public.windows.server.scripting)