Re: AD Domain Administrator Priv/rights

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/28/05 

Date: Tue, 27 Sep 2005 18:07:48 -0500

If all you want to do is to manage access to files/folders then modify share
and ntfs permissions for the users that need access which could be regular
domain users assuming you are not talking about the administrative shares
such as C$. If you want the user to install applications on a domain
controller then they would need to be an administrator for the domain unless
the application is a .msi package that can be published via Group Policy
Software Installation. If you could be more specific on exactly what you
need these users to do someone on this newsgroup could probably be of
lp. --- Steve

"Marc Johnson" <Marc Johnson@discussions.microsoft.com> wrote in message
news:64B9FEBA-BF44-4A3B-99AC-B7811294CD3C@microsoft.com...
> Hello:
>
> I need to know if there is a way to give admins the rights they need
> to
> the domain/files and folders on DC's and servers without granting them GOD
> rights? Is there a best practice out there or has anyone done it.
> Basically
> we don't want to put any Admin into the Domain Admin Group, instead create
> a
> group that gives them the folder/file, and disk rights they need to do the
> job of a network administrator. Is there a case study or anything of that
> nature that will help us define those rights and privs? Any help would be
> appreciated, thanks.

Relevant Pages

  • Re: Permissions required to manage Public Folders
    ... but our way of replicating our Public Folders doesn't work ... >I (Admin from CENTRAL) right click on OURS folder, goes to Replication tab, ... >sets replicas and adds my Exchange 2003, OK's, everything works ... >Exchange Full Administrator or Exchange Administrator role on CENTRAL seems ...
    (microsoft.public.exchange.admin)
  • Re: New IE flaw and exploit sites/migration to non-MS browser
    ... If an application is written for TODAY's Windows XP logo it will run as a non administrator. ... That is the quick and dirty test to see if you have admin rights... ... You have administrator rights to your machine. ... And make sure your folks that are making the purchasing decisions know that this needs to be a requirement...because in this day and age of computer technology there is NO EXCUSE for a vendor to code like we are running Windows 98 around this place. ...
    (Focus-Microsoft)
  • Re: Securing Laptops in an AD environment
    ... Danny is right don't give users Administrator rights, ... Remember if the users have Admin rights, all programs (including virus, ... They would have to have a local account that is in the local admin group ... I would suggest not giving them a local account and not giving them admin ...
    (microsoft.public.windows.server.active_directory)
  • Re: new administrator profile
    ... You can, in fact, delete any of these folders ... profile, or group of folders would be "where I was" when I logged on as ... Administrator, the power user group of folders would be where I'd be if I ... rights, Power Users having semi-limited rights, &, of course, normal Users ...
    (microsoft.public.win2000.general)
  • Re: AD Domain Administrator Priv/rights
    ... As an added clarification, if it is only fille control, then one may also ... >> controller then they would need to be an administrator for the domain ... I need to know if there is a way to give admins the rights they ... >>> we don't want to put any Admin into the Domain Admin Group, ...
    (microsoft.public.security)