Re: Domain Admin password changes
- From: "Chriss3 [MVP]" <noSpamHere@xxxxxxxxxx>
- Date: Tue, 3 May 2005 01:15:37 +0200
Yes, by not making other members of domain admin or enterprise admins, and
only delegate required permissions, how ever this is not a recommended way
to troubleshoot security issues, you will have to use a security context
that is member of both enterprise admins and domain admins for several
operations today. I recommend you to limit the workstations where domain
admins can logon, monitoring administrative workstations, lock down
administrative workstations.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"Mike B" <Mike B@xxxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
news:B4E95989-3DFA-43BB-98DD-80CB686B247B@xxxxxxxxxxxxxxxx
> We are running AD 2003. My boss wants to set the default domain admin
> password and put that password in a safe for security. The problem is
> that
> an domain admin can change that adminstrator password. Is there a way to
> prevent the default domain admin's password from being changed by anyone
> other than logging in as the domain admin?
.
- References:
- Domain Admin password changes
- From: Mike B
- Domain Admin password changes
- Prev by Date: Re: DC cannot see AD
- Next by Date: Re: Password Policy Issue
- Previous by thread: Domain Admin password changes
- Next by thread: Re: Domain Admin password changes
- Index(es):
Relevant Pages
|
