Security Basics mailing list archives
Re: Restrict the Domain Admin
From: Raoul Armfield <armfield () amnh org>
Date: Fri, 16 Sep 2005 16:46:28 -0400
sf_mail_sbm () yahoo com wrote:
Your best bet would be to do what we did in our environment. We gave rights as needed. We only have 4 Domain Level Admin accounts and those are only to be used when absolutely needed. Everyone uses an account that only has as much privileges as their job requires.Hi List, Is there a way to restrict access of a Domain Admin?Example, can we allow a Dommain admin to do everything EXCEPT user management (e.g. password reset)?We want to secure our environment, and do not want to have "ALL-POWERFULL" domain admins around Thanks for your suggestions P.S. Environment: Windows (2000 & 2003) - Active Directory
By doing this you can give them any rights that they might need.Remember you WILL come across a situation where you want an "ALL-POWERFULL" domain admin account.
-- Raoul Armfield Support Specialist IT-Call Center armfield at amnh dot org American Museum of Natural History Central Park West at 79th Street New York, New York 10024-5192 (212) 313-7258 5152 1277 A04B 04C2 BBE4 3EE8 8369 3541 8B93 42DA
Current thread:
- Restrict the Domain Admin sf_mail_sbm (Sep 16)
- Re: Restrict the Domain Admin Christos Triantafyllidis (Sep 19)
- Re: Restrict the Domain Admin G. Chomic (Sep 19)
- Re: Restrict the Domain Admin Raoul Armfield (Sep 19)
- Re: Restrict the Domain Admin Pete Hunt (Sep 19)
- RE: Restrict the Domain Admin Brian Loe (Sep 19)
- Re: Restrict the Domain Admin cc (Sep 20)
- Re: Restrict the Domain Admin Cam Fischer (Sep 22)
- Re: Restrict the Domain Admin Glenn English (Sep 26)
- <Possible follow-ups>
- RE: Restrict the Domain Admin Brunner, Mark (Sep 19)
- RE: Restrict the Domain Admin Robert McIntyre (Sep 20)
- RE: Restrict the Domain Admin Craig Wright (Sep 22)
- RE: Restrict the Domain Admin Charles Otstot (Sep 26)
- RE: Restrict the Domain Admin Brian Loe (Sep 26)
(Thread continues...)