RE: After joining domain, Users have become local admins
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Tue, 03 Jan 2006 07:44:06 GMT
Hi Henry,
Thanks for using the SBS newsgroup. Also thanks for Sal's input.
>From your description, I understand that you have some questions about
Local Administrators group members. If I am off base, please don't hesitate
to let me know.
When we join the client computers to domain using connectcomputer wizard,
the user accounts you assigned to the client computer, along with the
Domain Admins group, will be added to the local Administrators security
group so that they have the right to install client software onto the
computer. The client software installation process need run under the
administrator account. If you don't want to some user account has
administrator right, you needn't assign the account to the computer here.
In domain environment, domain users can logon any computers if they has
sufficient permissions.
To delete those user accounts from administrator group, you can logon the
computer with domain admin account or local administrator account, locate
Start -> control panel -> User accounts, open User accounts page, click
Remove button to remove user accounts from the Administrator group.
There are some group policies about the topic, hope it useful to you:
320065:How to Configure a Global Group to Be a Member of the Administrators
http://support.microsoft.com/?id=320065
Q228496 HOW TO: Use Restricted Groups in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q228496
Q279301 Description of Group Policy Restricted Groups
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q279301
Q320045 HOW TO: Restrict Group Membership By Using Group Policy
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q320045
Step-by-Step Guide to Understanding the Group Policy Feature Set
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
directory/activedirectory/stepbystep/gpfeat.mspx
Hope it helps. If you have any further question on the issue please let me
know. I am happy to be assistance to you and look forward to your reply!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: After joining domain, Users have become local admins
>thread-index: AcYQJDshLD7A7sJiTFeZKeycFArfqw==
>X-WBNR-Posting-Host: 71.194.7.126
>From: =?Utf-8?B?U2Fs?= <Sal@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <43b971c9$0$18331$8fcfb975@xxxxxxxxxxxxxxx>
>Subject: RE: After joining domain, Users have become local admins
>Date: Mon, 2 Jan 2006 21:12:02 -0800
>Lines: 29
>Message-ID: <82FA05D2-41B7-41E9-9606-05EE131B6A56@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:233633
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>This should lead you in the right direction....
>
>http://windows.stanford.edu/Public/Infrastructure/LocalGroup.html
>
>
>
>"Henry Ward" wrote:
>
>> Hi,
>> I have added a crowd of users using the connectcomputer thing and these
guys
>> have have all become admins of their machines. Is this By design ?
>> What should I do to bring them back into to line ? Normal users unable
to
>> create havoc. Can this be done by script ? GPO ?
>>
>> Talking about GPOs , is there a GPO treasure trove out there ? A Top
Ten,
>> Fave Rave List ?
>>
>> TIA
>>
>> henry
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
.
- References:
- After joining domain, Users have become local admins
- From: Henry Ward
- After joining domain, Users have become local admins
- Prev by Date: RE: Best Practice
- Next by Date: RE: Fax Monitor
- Previous by thread: After joining domain, Users have become local admins
- Next by thread: Re: new server? - how to migrate
- Index(es):
Relevant Pages
|
