Re: Need to Prevent Admins from Logging on to all servers
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Tue, 28 Oct 2008 14:39:13 -0000
Hi
Hum...
In fact you can do that. As others said, you can define policies that lock the domain Admins out of your servers, but... if they want... and because they have that privilege, they can override your policies or change them manually, or in some scenarios the system will replace existing configuration protecting members of that group to ensure that they have the privileges that they must have.
Just because they have the power to do that doesn't mean that your company policy allows that someone with high privileges can do whatever they want in the domain; if a person crosses the line and is caught, that person should be responsible for his/her actions. Now... as others said, trust only domain Admins security group to people that should have that right, and shouldn't bother to lock this or that because those people "are" trusted and responsible.
The other option is to remove the servers from the domain; of course this has other problems that may not serve your interest :)
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
- References:
- Need to Prevent Admins from Logging on to all servers
- From: Victor Asuquo
- Need to Prevent Admins from Logging on to all servers