RE: Domain Question

From: Robert Clark (rclark@texascellular.com)
Date: 11/12/01 

From: "Robert Clark" <rclark@texascellular.com>
To: "'Andrea Iacopini'" <a.iacopini@tin.it>, <focus-ms@securityfocus.com>
Subject: RE: Domain Question
Date: Mon, 12 Nov 2001 09:57:40 -0600
Message-ID: <006401c16b92$c2e1cde0$fdfea8c0@ISDesktop>

What about changing them to the Power User group? Then you can limit the
number of Administrators. I would think that you would only want 1 or 2
admins any way. Are you running a WAN? If so, how many admins do you
have? I would think that theoretically, you would only want one per
server. (Maybe 2) It sounds like it's time to set and enforce a policy
if you can't limit the number of admins. Maybe they have to inform you
before they create any Administrator level user?

Robert Clark
MCSE, MCP+I, MCP, A+
MIS - Texas Cellular

> -----Original Message-----
> From: Andrea Iacopini [mailto:a.iacopini@tin.it]
> Sent: Monday, November 12, 2001 7:21 AM
> To: focus-ms@securityfocus.com
> Subject: Domain Question
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi guys,
> i have the following problems:
> my architetcture is domain ( winnt 4.0 ) based.
> Sometimes, during my monthly check, I see that my
> administrators number is greater then before cuz sumeone of
> these created admin account. How can I control the creation
> of administrative account by my administrators ? I say, how
> can i set only few administrator to create admin user. Any
> suggestion 'll be appreciated, but please don't answer me about
> AD: I cannot migrate !!
>
> Thanx in advance
>
> ******
> Andrea Iacopini - Security Consultant
> Secure Edge S.r.l. - your safety .net
> Viale Palmiro Togliatti, 1601 - 00155 Roma - Italy
> GSM: +39 335 7840340
> Tel: +39 06 40802409 - +39 06 40802417
> Fax +39 06 40501623
> *****/
>
> This message and any attachments (the "message") are
> confidential and intended solely for the addressees. Any
> unauthorised use or dissemination is prohibited. E-mails are
> susceptible to alteration. Neither Secure Edge S.r.l. nor any
> of its subsidiaries or affiliates shall be liable for the
> message if altered, changed or falsified.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0
>
> iQA/AwUBO+/MpLZNnEO3tzePEQIIHACfQKwk3GVHW4vEpjM0Y8HSqhhwBAQAoM1a
> iPstqGChIJMINCDm7HcsHuRI
> =+7Bp
> -----END PGP SIGNATURE-----
>
>
>

Relevant Pages

  • RE: Automating Local Computer Admin Rights
    ... groups the first box that pops up add administrators. ... add domain admins because they are there by deafult and add adminstrators. ... gpo settings will not tricly down or inherit the settings just from a child ... members of the administrators group on the local machine. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain Administrator privs on Client
    ... It is fairly normal to restrict admin access to SQL Server to only ... Domain Admins is added to a machine's Administrators ... I have an SQL server on my domain, I have to login as the local sql ...
    (microsoft.public.windows.group_policy)
  • Re: Weird security problem in my WIn2K domain
    ... Keep in mind that enterprise admins group has no administrative powers on ... Another thing to try is to create a new account ... add that account to the local administrators ... enable auditing of account logon events in Domain Controller Security Policy ...
    (microsoft.public.windows.server.security)
  • Domain Question
    ... Subject: Domain Question ... my architetcture is domain (winnt 4.0) based. ... Sometimes, during my monthly check, I see that my administrators ... cuz sumeone of these created admin account. ...
    (Focus-Microsoft)
  • Re: Local Logon To Domain Controller
    ... That dose this administrators out to PCs have to do? ... PC Admins or what ever you want. ... >>> Server machine itself. ... >>logon locally on DCs. ...
    (microsoft.public.win2000.active_directory)