Re: local admin permissions on DC
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Tue, 26 Jul 2005 18:22:15 +0200
Hi,
If this is something you really want to do (!), you will have to give this
user "Log on locally" and "Allow logon through Terminal Services" on Default
Domain Controller Security policy. ("Allow logon through Terminal Services"
is only necessary if the user will be using RDP to logon to this domain
controller).
--
Mike
Microsoft MVP - Windows Security
"jremmc" <jremmc@xxxxxxxxxxxxxx> wrote in message
news:OOxFznfkFHA.1480@xxxxxxxxxxxxxxxxxxxxxxx
> Hi All,
>
> I remember a post about this a while ago but can't find -- how to give a
> person permissions to one specific DC only and not AD, DNS, WINS -- to be
> able to monitor and fix OS (when necessary, knock wood, good now :-)).
> Can't find references to this kind of how-to in docs.
>
> I know I have to add the person to DC Default Policy log on interactively
> for him to use remote desktop, btw.
>
> This is for monitoring a branch office DC -- the IT person was the NT
> domain admin there and we just migrated the office, he is not familiar
> enough yet with AD/WS2K3, want to limit him to just the DC as if it was
> not a DC. (hope that makes sense)
>
> Thanks!
>
>
>
>
.
- Follow-Ups:
- Re: local admin permissions on DC
- From: Jason Tan (MSFT)
- Re: local admin permissions on DC
- References:
- local admin permissions on DC
- From: jremmc
- local admin permissions on DC
- Prev by Date: How to set global environmental variables?
- Next by Date: RE: a problem with NTFS-permissions
- Previous by thread: local admin permissions on DC
- Next by thread: Re: local admin permissions on DC
- Index(es):
Relevant Pages
|
