RE: NT and 2000 account policies administrations

From: Sergey V. Gordeychik (gordey_at_infosec.ru)
Date: 05/12/04

  • Next message: Sergey V. Gordeychik: "RE: Relative Security Provided by Cached Domain Credentials?"
    Date: Wed, 12 May 2004 10:14:09 +0400
    To: "Pontonnier- White, Sylvie" <spontonnier-white@TYCO.COM>, <focus-ms@securityfocus.com>
    
    

    >Question 1
    >Under MSW NT and 2000 is there a
    >possibility to restrict certain actions
    >that a user having administrator rights
    >might be able to do on the system security configuration.

    Generally - NO. A administrator is a administrator is a administrator.
    You can control it in Active Directory environment with help of
    delegation of control.

    >Question 2
    >Under MSW NT and 2000 can the audit function provide details of any
    >changes made to the account policies/security
    >configuration by each of the...

    You can use Directory access events to control Group Policy
    modification.
    http://support.microsoft.com/default.aspx?kbid=814595

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Sergey V. Gordeychik: "RE: Relative Security Provided by Cached Domain Credentials?"