Re: GPO Application



On 2006-02-01 Lantana PC wrote:
Today, I tried to remove the properties sheet from Local Area
Connections through the user side administrative templates. It only
works on users who are not local administrators and who aren't part of
the Domain Administrators group.

The Domain Administrators group is by default mapped to the local
administrators group when a computer is joined to the domain. And a
local administrator can do anything he wants on the local computer
anyway, so don't bother. You can't lock down a local administrator other
than by not making him a local administrator.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



Relevant Pages

  • Re: management tool and usernames
    ... The logged in user must be a local administrator or member of a group which ... is in the administrators group on the machine you want to manage. ... > it prompts me user name and password for the domain although the user is ... > (on win xp it dosen't ask anything just asks the comp name i wont to ...
    (microsoft.public.win2000.networking)
  • Re: Local admin rights not flowing through
    ... I am trying to add them to the local administrators group. ... >> The workstations did not have local administrator rights so the users could ... >> as them to the local workstation and gain local admin, ... >> re-creating the profile by logging in again. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Unable to see Default Website under user context on IIS 5.1 XP
    ... Local Administrator rights to users. ... "doug" wrote: ... >>Adding the user to the Administrators group works so I ... >>permissions issue. ...
    (microsoft.public.inetserver.iis)
  • RE: Unable to see Default Website under user context on IIS 5.1 XP
    ... Giving user's local administrator rights ... isn't an option in our environment. ... "doug" wrote: ... >>Adding the user to the Administrators group works so I ...
    (microsoft.public.inetserver.iis)
  • Re: Remove users fom all Local Administrators!!
    ... assuming u have a login script, add the following statement to your batch ... :to remove user NT ID from local administrators group ... I've alot of clients who their domain account is added to local ... so if there are a script to remove all accounts from local Administrator ...
    (microsoft.public.windows.server.scripting)