Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Local Admin Accounts

From: "Sweeny, Jonny" <jsweeny () IU EDU>
Date: Wed, 16 Sep 2009 16:00:51 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The domain administrator group must be (and this is set by
default when a system is joined to the domain) included in
all local administrator groups. Without this, systems will
drop off the domain.


Pardon me but I must correct you:

While it is true that the Domain Admins group is added to the Administrators group when the machine joins the domain, 
it is *not* true that the machine is removed from the domain when the Domain Admins are removed from this group.  We 
frequently remove the Domain Admins from our Admin groups and participate actively in domain membership.

- --
~Jonny Sweeny, GSEC, GCWN, GCIH, GWAS
Incident Response Manager, Lead Security Analyst
Office of the VP for Information Technology, Indiana University
PGP & S/MIME: http://informationsecurity.iu.edu/Jonny_Sweeny
jsweeny () iu edu -- phone: (812) 855-4194 -- fax: (812) 856-1011

-----BEGIN PGP SIGNATURE-----
Version: 9.10.0 (Build 500)
Charset: utf-8

wj8DBQFKsUPzkncdNJm5aegRAhgNAJsG4Quvi2dc4QPw6oMGV+LlnSwUEACfY8Vo
Lmpxyj7jEuMdYXwdpu93uqc=
=YY/G
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: