Re: Permissions

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/04/05

• Next message: Steven L Umbach: "Re: Another user logged in?"
• Previous message: Steven L Umbach: "Re: IPSEC on Win2k3 - block all default/except for a few ports"
• In reply to: graysh: "Permissions"
• Next in thread: graysh: "Re: Permissions"
• Reply: graysh: "Re: Permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 4 May 2005 13:04:13 -0500

Unless this application runs on a domain controller [try to avoid] you
should not need to give them domain admin group membership but instead give
them local administrator access to the server where the application is.
Domain users can be easily added to the local administrators group on domain
computers if really necessary though the best solution is to attempt to
modify, ntfs permissions, registry permissions, and possibly user rights to
allow a regular user access. Poorly written applications [ from a security
perspective] do not always allow such. --- Steve

"graysh" <graysh@discussions.microsoft.com> wrote in message
news:F37F5C14-F7C7-4DE1-8629-6D7397596DE9@microsoft.com...
> I've got a quick question about permissions. I've got some sales reps that
> run a dbase app that craps out unless I give the sales guys domain admin
> rights. I need help.
> Thanks

---

• Next message: Steven L Umbach: "Re: Another user logged in?"
• Previous message: Steven L Umbach: "Re: IPSEC on Win2k3 - block all default/except for a few ports"
• In reply to: graysh: "Permissions"
• Next in thread: graysh: "Re: Permissions"
• Reply: graysh: "Re: Permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Permissions ... > should not need to give them domain admin group membership but instead give ... > them local administrator access to the server where the application is. ... (microsoft.public.security) Re: Admin Rights on Client ... Log in to the client as the local Administrator and password, set the domain window to the machine's name before clicking OK. ... You will be prompted to provide your domain admin ... Subject: Admin Rights on Client ... (microsoft.public.windows.server.sbs) RE: Moving existing users to new OU ... permissions on the Roaming Profile folders is not set properly and since the ... users' removal from Domain Admin group, ... > When the test users logon, Windows treats them as if they've never logged on ... (microsoft.public.windows.server.active_directory) Re: Log on Locally ... logon as the local administrator, do you mean log on to ... I can logon as local and domain admin to the ... >> Revoking SeDenyInteractiveLogonRight from Domain ... ... (microsoft.public.win2000.security) Re: Cannot Access Shared C$ ... out that my server that runs SBS 2003 had a different time ... my server was on Central America Time Zone for some ... >> the domain admin group, even if i add the domain admin ... (microsoft.public.windows.server.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)