Re: administrator on box also on domain?




"Larry D" <ldempsey@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:u%23bVMmVnFHA.2904@xxxxxxxxxxxxxxxxxxxxxxx
> That is what I am trying to figure out. If I add John Doe to the
> administrators group at the PC then it shows something like:
>
> administrator
> domain_name\Domain Admins
> domain_name\John.Doe
>
> But if I add John Doe as a user first, then go into the local
> administrator's group I can add him and it looks like:
>
> administrator
> John.Doe
> domain_name\Domain Admins
>
> So my question is, what is the difference as far as permissions and rights
> for 'domain_name\John.Doe' as an administrator and just 'John.Doe' as an
> administrator? Therein lies my quandary...
>
> Larry
>
>
> "bob" <someone@xxxxxxxxxxxxx> wrote in message
> news:ealuwEVnFHA.3828@xxxxxxxxxxxxxxxxxxxxxxx
> >
> > "Larry D" <ldempsey@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:Olyt9rUnFHA.1480@xxxxxxxxxxxxxxxxxxxxxxx
> >> My last job we had a Power Users group on the AD domain and all users were
> >> in it, except for the IT department, and the users were locked down pretty
> >> tight. My new job does it differently, no policies in force, install what you
> >> want. In AD all users are in the domain users group, but at the PC the IT
> >> people would go in to Computer Management and add the user of that PC to the
> >> Administrators group on the domain. They want the users to be admins of the
> >> box so they can install software, printers, etc. Adding them as admins on
> >> the box does not make them appear in the admin group in AD, so I am not sure
> >> if it is the same thing or not. I know you can add the user to the users
> >> group then add him to the admin group on the box and that is definitely a
> >> local issue, but what about the other?
> >>
> >> TIA, Larry
> >>
> >>
> >
> > Hi Larry,
> > Are you confusing the Administrators group on the workstation with the
> > Domain Administrators Group in AD?
> > The Domain Administrators group on the Domain is made a member of the
> > local Administrators group when the workstation joins the active directory
> > domain.
> > Any user who is a member of Domain Administrators can then administer any
> > box.
> > In my company we want the user of the PC to be an administrator of their own
> > PC and nothing else, so we add the user to the local Administrators group
> > only.
> >
> > Hope this clears things up
> >
> > Bob
> >
> >
>
>
It all depends where the John.Doe account is created.
If it is created in the Domain then the entry will look like
domain_name\John.Doe.
If the account is created on the PC then it will look like John.Doe.

My advice is to create all the user accounts in the Domain, and then add them
to the individual PC Administrators group.
This way you can still apply GPO later if need be, e.g. password expiry time,
etc.
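
The distinction drawn in the reply above (account created in the domain versus on the PC) can be checked per machine. The following PowerShell is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example: list the members of this PC's local Administrators group and
# show where each account is defined. PrincipalSource is populated on
# Windows 10 / Server 2016 and later.
$adminSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

$members = Get-LocalGroupMember -SID $adminSid | ForEach-Object {
    [pscustomobject]@{
        Name      = $_.Name               # COMPUTERNAME\user or DOMAIN\user
        Class     = $_.ObjectClass        # User or Group
        DefinedIn = $_.PrincipalSource    # Local (created on the PC) or ActiveDirectory
        SID       = $_.SID.Value
    }
}

$members | Sort-Object DefinedIn, Name | Format-Table -AutoSize

# Accounts created on the PC itself, excluding the built-in Administrator
# (its SID always ends in -500). The reply's advice is to use domain
# accounts instead, so these are the entries to review.
$localOnly = $members | Where-Object {
    $_.DefinedIn -eq 'Local' -and $_.Class -eq 'User' -and $_.SID -notmatch '-500$'
}
if ($localOnly) {
    Write-Warning "Locally created accounts with admin rights on ${env:COMPUTERNAME}:"
    $localOnly | ForEach-Object { Write-Warning "  $($_.Name)" }
}

# The same short name present both as a local and as a domain account
# (e.g. John.Doe and domain_name\John.Doe): two separate accounts with
# separate SIDs and passwords that are easy to confuse in the member list.
$members | Where-Object Class -eq 'User' |
    Group-Object { ($_.Name -split '\\')[-1] } |
    Where-Object Count -gt 1 |
    ForEach-Object {
        Write-Warning "Name '$($_.Name)' appears as: $($_.Group.Name -join ', ')"
    }
```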

