Re: Domain User Privileges on Client Computer
- From: Meinolf Weber <meiweb(nospam)@gmx.de>
- Date: Wed, 5 Nov 2008 09:30:31 +0000 (UTC)
Hello Genesis,
If you check the "Members" and "Member of" tab on the groups, you can exactly see to what groups they belong or where they are member of. So if they are members of enterprise admins they have all rights. Because "Enterprise admins" are member of "Administrators" and "Administrators" have local admin rights in a domain by default.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Thank you for the reply Meinolf Weber.
I checked the Active Directory services. The Domain Users is linked to
a Domain Group. I looked at the Group Policy Management, the Domain
Group has permissions: Link GPOs. Under the Groups and Users with
permission on the Domain Group is Enterprise Admins: Inherited = yes;
Status = Applies to this container and all child containers.
Domain Users -> Domain Group -> GPM -> Permission -> Link GPOs ->
Groups and Users w/ Permission for Domain Group -> enterprise Admins
-> Inherited: YES -> Setting -> Applies to this container and all
child containers
Not sure if what I just said is clear to you or fuzzy since I am a
novice-backup on this.
Is the structure causing the domain users to have administrator
privileges on client computers?
Thanks again.
"Meinolf Weber" wrote:
Hello Genesis,
If they are not added to the local administrators group with a
specified group or the account itself, basically it can not be. Even
if you use a GPO with restricted groups they should be listed in the
local admins group. Did you check Active directory builtin groups
like enterprise admins etc.? Are the domain user accounts you are
taking about addded there?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Everyone!
I don't know if I am posting in a correct category, so please tell
me.
here is the problem: All domain user accounts suddenly have
administrator privileges on the client computers. I checked the
client
computers if the domain users are set up as administrators but they
are not. Checked the domain users setting found everything is ok. If
I
connect a new client computer to the domain and a domain user
logged-in the privilege is not that of the administrator.
Am I missing something here? Any idea?
Thank you.
.
- References:
- Re: Domain User Privileges on Client Computer
- From: Genesis
- Re: Domain User Privileges on Client Computer
- Prev by Date: Re: Domain User Privileges on Client Computer
- Next by Date: WinPE -confirming driver thru devcon
- Previous by thread: Re: Domain User Privileges on Client Computer
- Next by thread: Re: Domain User Privileges on Client Computer
- Index(es):
Relevant Pages
|
