Re: Local Admin
From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 10/19/04
- Next message: Torgeir Bakken \(MVP\): "Re: Group Policy editor language"
- Previous message: Matt Anderson: "Re: how to do this?"
- In reply to: Jody Stoll: "Local Admin"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 19 Oct 2004 20:11:06 +0200
Jody Stoll wrote:
> Hello,
> Is it possible through Group Policy to add the 'domain Users' group to
> the 'Local Administrators' group on all Windows XP Pro workstations in a
> 2003 AD Domain
Hi
For security reasons, I suggest you add "NT Authority\Interactive"
and not "Domain Users" to the local Administrators group.
We add "NT Authority\Interactive" in the local Administrators
group to let all domain users automatically be local admins
when they log on to a domain computer interactively.
This is more secure than adding "Authenticated Domain users ",
"Domain Users" or "NT AUTHORITY\Authenticated Users" because you
avoid the issue with cross network admin rights (remote access)
that these groups introduces.
-- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
- Next message: Torgeir Bakken \(MVP\): "Re: Group Policy editor language"
- Previous message: Matt Anderson: "Re: how to do this?"
- In reply to: Jody Stoll: "Local Admin"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
