Security Basics mailing list archives
RE: Domain client machine disable admin access
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 21 May 2008 11:26:20 -0700
When I was a domain admin, I found it useful to add a login script to the default profile that would re-add Domain Admins to the local admins group (if the login account had admin rights) because I found users were doing this. Basically, your machine shouldn't be a member of the domain unless it belongs to the enterprise -- whose agents the domain admins are. If you're doing stuff you need to hide from them on a company machine, you should probably not work there any more -- it will look better on your resume if you leave first. David Gillett
-----Original Message----- From: Kelly Jones [mailto:kellyjones () worldonline co uk] Sent: Wednesday, May 21, 2008 6:55 AM To: security-basics () securityfocus com Subject: Fwd: Domain client machine disable admin access Is there a way to stop the domain admin from connecting to a client machine? I am a member of a domain and it has come to my attention that management has been scanning for installed software among other things, i have the XP firewall enabled and have removed the domain admins group from the local admins group. Is there anything else i need to do to deny domain admin access to my machine?
Current thread:
- Fwd: Domain client machine disable admin access Kelly Jones (May 21)
- Re: Fwd: Domain client machine disable admin access Dave Dearinger (May 21)
- RE: Domain client machine disable admin access David Gillett (May 21)
- RE: Domain client machine disable admin access Nick Vaernhoej (May 21)
- Re: Domain client machine disable admin access infolookup (May 21)
- RE: Domain client machine disable admin access Nick Vaernhoej (May 21)
- RE: Domain client machine disable admin access Murda Mcloud (May 21)
- <Possible follow-ups>
- Re: Fwd: Domain client machine disable admin access krymson (May 21)