restricting acces to certain admins
From: Armin (deja.com@gmx.de)Date: 01/15/02
- Previous message: CUSTODIA: "WEBCAMS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: deja.com@gmx.de (Armin) Date: 15 Jan 2002 09:34:34 -0800
Hello,
I have the following scenario:
Setup
* windows 2000 AD environment with w2k servers and w2k professionals
Goal
* a certain group of admins should be able to install and administer
the network components (nic, protocols) incl. settings like ip-address
or duplex-settings
* they should be restricted to doing this on the professional systems
only
* they should have as little as possible other priviliges/rights on
the systems
* they will only access/manage these systems when logged on locally
(not remote)
Admins is too much, Power Users doesn't help and I couldn't find Group
Policies that are relevant (except the load/unload drivers policy, but
it's not enough).
The only setup that I have found so far is creating an admin-group
that is denied access from the network with otherwise unlimited local
admin-rights. I could start denying access to non-relevant areas in
the file-system and registry, but it's hard to decide what's
irrelevant. Installing a nic, the driver and some nic-specific
software as well as configuring ip etc. touches quite a few areas.
Any ideas?
Please send copies of responses to my mail-address as well.
Thanks,
Armin.
- Previous message: CUSTODIA: "WEBCAMS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
