Re: restricted management for some users.
From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 05/20/04
- Previous message: Sullivan, Glenn: "RE: restricted management for some users."
- In reply to: Bruyere, Michel: "restricted management for some users."
- Next in thread: Chris Goodwin: "RE: restricted management for some users."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 May 2004 23:24:27 +0200 To: security-basics@securityfocus.com
On 2004-05-20 Bruyere, Michel wrote:
> 1- I need to setup a user (the technician) to access the properties of
> accounts in AD (to reset passwords and/or unlock them). He has to log on
> locally/interactively on one of the DC (the one with all the FMSO
> roles).
> BTW I had something strange when I've set the local policies on the DC
> to allow the user to logon locally. I had set al admins groups/accounts
> and this particular account. Few times after I did this, users began to
> call me telling that they had a message that they couldn't logon
> interactively. Is there a way to setup "local" policies on the DC to
> allow a user account to logon locally?
IIRC this can be done through the Domain-Controller Policies (as opposed
to the Domain Policies). Find both of them on the Start Menu under
"Administrative Tools".
> 2- I have to give full control over 5 servers to 2 guys, the ERP dev
> team. They should have the right to install/uninstall anything on the
> servers. I though to give them an account which is local administrator
> on those servers.
Create a domain group ERP-dev, add the users to this group and add the
domain group to the local administrators group on those 5 servers.
HTH
Regards
Ansgar Wiechers
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
- Previous message: Sullivan, Glenn: "RE: restricted management for some users."
- In reply to: Bruyere, Michel: "restricted management for some users."
- Next in thread: Chris Goodwin: "RE: restricted management for some users."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
