Re: Group Policy

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Robert Moir (bofh_at_mvps.org)
Date: 07/16/04

Next message: Barb: "Safe mode not available"
Previous message: Jeff Cichocki: "Re: registering a client to the domain"
In reply to: jc: "Group Policy"
Next in thread: jc: "Re: Group Policy"
Reply: jc: "Re: Group Policy"
Messages sorted by: [ date ] [ thread ]

Date: Fri, 16 Jul 2004 15:12:56 +0100

jc wrote:
> Our developers have gotten hold of the administrator
> password and have decided it would be great to add lots of
> machines to our domain for testing. Naturally this is
> causing us nightmares with resources, DHCP, security and
> other fun issues. And just as naturally, changing the
> administrator password is a tad difficult as it ties into
> a billion and two things.
>
> We tried to disable local logon in the default domain
> policy (as the "computers" container is not an OU), and
> fixing this in suitably configured OUs - that way we know
> what they're up to when they ask us why they can't log on;
> then we club them, and do the job properly.
>
> Unfortunately in any given policy this is either enabled
> or not configured (there is no disable option) so by
> default that setting carries through to all OUs.
>
> So... as this isn't the correct way to do this, does
> anyone know of an alternative? TIA

Well i'd personally have the errant developers, whoever gave them the admin
password, and possibly whoever "tied in" the administrator password to "a
billion and two" things given a final written warning, if not fired
outright.

That should stop it happening again.

-- 
-- 
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
Kazaa - Software update services for your Viruses and Spyware.

Next message: Barb: "Safe mode not available"
Previous message: Jeff Cichocki: "Re: registering a client to the domain"
In reply to: jc: "Group Policy"
Next in thread: jc: "Re: Group Policy"
Reply: jc: "Re: Group Policy"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Permissions issue
... Don't change permissions in situations you are not sure why you are doing it. ... There was in the past a MSDN forum for developers of applications in Vista but I am not sure where it is now. ... The following has multiple forums that might be relevant and that would already have previous answers. ... How can I provide access to this program to administrator users, ...
(microsoft.public.windows.vista.security)
Re: SQL Server Security Best Practices
... So my assumption is there is not documentation specifying Developers, ... don't want Developers to have certain access, DBA's, System Admins. ... Developers why they don't need Local Administrator, ...
(microsoft.public.sqlserver.security)
Re: does a developper need admin access to SPS...
... I would suggest that the developers should use Virtual Servers, ... > grey area which does not allow this split-up, ... > needs to be local administrator on the server. ...
(microsoft.public.sharepoint.portalserver.development)
How to make domain users access local-IIS for web devp
... I work in a company which develops web apps in ASP, ASP.NET, PHP, Java, etc. ... All developers hv been logging in to the systems as administrators (of their ... We are now planning to implement AD and make developers login thru their ... Also i want them not to log in as Administrator but they should be able to ...
(microsoft.public.inetserver.iis.security)
cant log on my password majically has changed??pls help
... Hi there to whoever is listenin,I am from south africa and ... have a hp nx9000 laptop for home use,I am the ... administrator and have only had to type in my password ...
(microsoft.public.windowsxp.security_admin)