Security Basics mailing list archives
Re: Restrict the Domain Admin
From: "G. Chomic" <secure.computing () gmail com>
Date: Sun, 18 Sep 2005 04:28:45 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Really, domain admin management is more of an HR and policy based issue than anything else. At some point in current IT organizational structures that may be possible. But in current structures I really think that it is an HR issue. How far are you going to go with redundant and ever-increasing tools or circumventions to lock down someone you should really have complete trust in? I don't have some of the original links about this issue at hand, but this one came up in a quick Google search, and I've come across it in my feeds before: http://msmvps.com/bradley/archive/2005/08/30/64696.aspx G. Chomic sf_mail_sbm () yahoo com wrote:
Hi List, Is there a way to restrict access of a Domain Admin? Example, can we allow a Dommain admin to do everything EXCEPT user management (e.g. password reset)? We want to secure our environment, and do not want to have "ALL-POWERFULL" domain admins around Thanks for your suggestions P.S. Environment: Windows (2000 & 2003) - Active Directory
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDLSU9ZEPQmWb53voRAnpCAJ4ypxCD3EnZVnT7hZFZkHkqcrozGACgvNL0 96G4ELpsSiUoLh8Inaw0Xmg= =9lrL -----END PGP SIGNATURE-----
Current thread:
- Restrict the Domain Admin sf_mail_sbm (Sep 16)
- Re: Restrict the Domain Admin Christos Triantafyllidis (Sep 19)
- Re: Restrict the Domain Admin G. Chomic (Sep 19)
- Re: Restrict the Domain Admin Raoul Armfield (Sep 19)
- Re: Restrict the Domain Admin Pete Hunt (Sep 19)
- RE: Restrict the Domain Admin Brian Loe (Sep 19)
- Re: Restrict the Domain Admin cc (Sep 20)
- Re: Restrict the Domain Admin Cam Fischer (Sep 22)
- Re: Restrict the Domain Admin Glenn English (Sep 26)
- <Possible follow-ups>
- RE: Restrict the Domain Admin Brunner, Mark (Sep 19)
- RE: Restrict the Domain Admin Robert McIntyre (Sep 20)
- RE: Restrict the Domain Admin Craig Wright (Sep 22)
- RE: Restrict the Domain Admin Charles Otstot (Sep 26)
(Thread continues...)