Re: Prevent changes to Administrator password
- From: Paul Bergson [MVP-DS] <pbbergs@xxxxxxxxxxxxxx>
- Date: Mon, 27 Oct 2008 12:19:49 +0000 (UTC)
Hello Taz1972,
You should only need a couple of users with DA rights. I worked previously for a company of 50,000+ and we had 4 (Yes 4) DA's. Just because someone wants something and they want it quick doesn't mean you have to respond quickly. In other words less DA's will put a greater emphasis of certain work on a few people, that is normal. Re-Evaluate your situation and fix it instead of trying to figure out a bandaid approach.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights.
Hello,
I administer a server 2003 AD domain which spans many sites across the
globe. Problem is there are too many people who knew the root
administrator password (which contains enterprise admin rights), so I
decided to change the password. I then gave the other admins new
accounts with just domain admin rights so they have just enough rights
to do their jobs. They do not need enterprise admin rights.
The problem is that the other admins can change the root administrator
password at their leisure, and this is not what I want them to be able
to do!
How can I prevent then from changing the password of the root
administrator account? Is there a registry hack or GPO setting that
can do this? Is this even possible to prevent?
Hopefully there is some way to solve this, and I would greatly
appreciate your quick advise.
Thank you,
Admin
.
- References:
- Prevent changes to Administrator password
- From: Taz1972
- Prevent changes to Administrator password
- Prev by Date: Re: Denying add or delete OU
- Next by Date: Re: Cannot login
- Previous by thread: Re: Prevent changes to Administrator password
- Next by thread: Proxy override
- Index(es):
Relevant Pages
|
