Re: AD - permissions on the network
- From: "Anthony" <anthony.spam@xxxxxxxxxxxxxx>
- Date: Thu, 31 Aug 2006 14:25:25 +0100
1) Change the local Administrator password to something difficult and never
use it
2) Use Group Policy Restricted Groups to add your IT Support guys to the
local Administrators group with their normal account
3) Do not give users Power User rights either. The IT Support guys should be
able to do most things remotely
4) Find out what the users think they need admin rights for, and work out
how to get round it
Anthony
"RC" <RichChristy@xxxxxxxxx> wrote in message
news:1157029565.309341.139120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
is it possible to configure a script, gpo, or push something through
AD, ldap, that will remove all permissions from the local
administrators group of the machine and replace it with ones I want on
there.
Basically we do not allow users to have local admin rights for obvious
reasons. Instead we give them power users. "Somehow" I am seeing
more and more that either the domain users group or the actual user is
being applied to the local admin group of the computer.
Im sure it happens over there but some morons who work here have our
admin password and their way of solving permissions/problems is just
giving the users local admin rights! Frustrating!
.
- References:
- AD - permissions on the network
- From: RC
- AD - permissions on the network
- Prev by Date: Re: Resolving SIDs to user names
- Next by Date: Re: Prevent software install
- Previous by thread: AD - permissions on the network
- Next by thread: Re: AD - permissions on the network
- Index(es):
Relevant Pages
|
