Re: Restrict the Domain Admin
From: Christos Triantafyllidis (ctria_at_physics.auth.gr)
Date: 09/17/05
- Previous message: confusionvalley: "HTML/Java protection"
- In reply to: sf_mail_sbm_at_yahoo.com: "Restrict the Domain Admin"
- Next in thread: Pete Hunt: "Re: Restrict the Domain Admin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 18 Sep 2005 00:13:53 +0300 To: sf_mail_sbm@yahoo.com
sf_mail_sbm@yahoo.com wrote:
> Hi List,
> Is there a way to restrict access of a Domain Admin?
Nope.
>
> Example, can we allow a Dommain admin to do everything EXCEPT user management (e.g. password reset)?
This won't be a "Domain admin"
>
> We want to secure our environment, and do not want to have "ALL-POWERFULL" domain admins around
>
> Thanks for your suggestions
>
> P.S. Environment: Windows (2000 & 2003) - Active Directory
>
The best you can use is limit your domain admin account to the people
that should be domain admins. Add a new custom group for each privilege
that Active Directory allows you to have, and make users members of the
groups they should be.
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
- Previous message: confusionvalley: "HTML/Java protection"
- In reply to: sf_mail_sbm_at_yahoo.com: "Restrict the Domain Admin"
- Next in thread: Pete Hunt: "Re: Restrict the Domain Admin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
