Re: Domain Admin Permissions
- From: "Mathieu CHATEAU" <gollum123@xxxxxxx>
- Date: Wed, 3 Oct 2007 08:27:51 +0200
Hello,
You should never change the Default Policy. You should create a separate one. Moreover, that will make them local admin of servers, which is bad.
Create a new GPO and link it to your workstation OU (if all Workstation are in the Computers container, create a new OU)
Did you read the link i provided ? You will use the "member of" part.
Right click "restricted groups", choose add
type the dev group : Mydomain\dev_admins (or use the browse to get it)
Click the Add button (the down one!)
Type directly: Administrators
check gpo is replicated between dc and applied to pc
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
"David P." <DavidP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:02C74DE9-EBAB-4ECD-B733-3C81639B38B7@xxxxxxxxxxxxxxxx
Thanks for the reply.
So, I created a developers admin group and then went into edit our default
domain policy. I added the Developers admin group, but do not get how to
make that group a member of the local admins group. Where does that local
admin group exist? I know there is an administrators group on each local
machine, but how to I get to it. Will that restrict the domain admins?
Thanks!
"Mathieu CHATEAU" wrote:
Hello,
Create a group for that "developpers admins"
use GPO restricted group to make that member of local admin groups.
http://technet2.microsoft.com/windowsserver/en/library/2715d832-fe71-47f7-86fd-412f013a40cd1033.mspx
.
- References:
- Re: Domain Admin Permissions
- From: Mathieu CHATEAU
- Re: Domain Admin Permissions
- Prev by Date: Trying to add a user to AD via LDIFDE but receiving an error stating "Unable to update the password"
- Next by Date: Re: Question about Active Directory 2003
- Previous by thread: Re: Domain Admin Permissions
- Next by thread: Print Management on 2003 R2 - Crashing client spooler.
- Index(es):
