Security Basics mailing list archives

Re: Fwd: Domain client machine disable admin access


From: krymson () gmail com
Date: 21 May 2008 19:12:29 -0000

I'll just reinforce what others are already likely saying.

If you own the computer, ask them to stop or remove yourself from the domain. (I doubt this is the case.)

If it is a work computer owned by your organization, then there's really nothing you can do.

I do similar sysadmin work involving domain access and, quite frankly, if you're on my network I can get into you. If 
you stop me, I'll take your computer away, reduce your system privileges, or involve your manager because you're 
impeding my job duty and endangering the company.

Of note, I don't think you want to be trying to remove domain admins and such. You can mess some things up, but any 
time I see that, it's a huge red flag that someone has something to hide, and you'll be on my "watch closely" list for 
years. And I'm not even a BOFH...

Your best bet, if you're in a small enough company, is to make friends with your domain admins, say hi, buy them a 
soda, share your porn. At least then if you do something they are less likely to put you on the black sheep list and 
less likely to immediately involve your manager.



<- snip ->
Is there a way to stop the domain admin from connecting to a client machine?

I am a member of a domain and it has come to my attention that
management has been scanning for installed software among other
things. I have the XP firewall enabled and have removed the domain
admins group from the local admins group. Is there anything else I
need to do to deny domain admin access to my machine?

