Security Basics mailing list archives
Re: RE: Restrict the Domain Admin
From: sf_mail_sbm () yahoo com
Date: 29 Sep 2005 11:18:07 -0000
.. you can split the authentication between several people (have them each type a char and put their section in a safe...
Sounds good, but in practice, and in urgent situations, you have to contact all the persons holding the password... we have put something similar in place, and we face resistance from the operations and business guys who want a minimum downtime
Any right can be assigned under Microsoft
Tried to implement this also, and found that if I do not give a user the right to DELETE a user profile, he will NOT be able to MOVE a user from one OU to another OU... has anyone encountered this OR better is there a solution for this...
Current thread:
- Re: Restrict the Domain Admin, (continued)
- Re: Restrict the Domain Admin Cam Fischer (Sep 22)
- Re: Restrict the Domain Admin Glenn English (Sep 26)
- RE: Restrict the Domain Admin Brunner, Mark (Sep 19)
- RE: Restrict the Domain Admin Robert McIntyre (Sep 20)
- RE: Restrict the Domain Admin Craig Wright (Sep 22)
- RE: Restrict the Domain Admin Charles Otstot (Sep 26)
- RE: Restrict the Domain Admin Brian Loe (Sep 26)
- RE: Restrict the Domain Admin Depp, Dennis M. (Sep 22)
- RE: Restrict the Domain Admin Craig Wright (Sep 26)
- RE: Restrict the Domain Admin Craig Wright (Sep 26)
- Re: RE: Restrict the Domain Admin sf_mail_sbm (Sep 30)
- Re: Restrict the Domain Admin Cam Fischer (Sep 22)