Admins with limited rights

From: cool_runn@xxxxxxxxxxx
Date: Mon, 02 Jul 2007 05:04:51 -0700

Hi,

I have the following situation:

1 administrator who has material responsibility
2 administrators who act as assistants

What I would like to do is:

Create 2 accounts: Admin2 and Admin3

give them all rights except:

- having the ability to change the password of Administrator
- having the ability to change own rights

Further Remote Administration through Terminal Services for Remote
Administration should be limited the following way:

Console: only Administrator (direct console or mstsc.exe /console)
Terminal Session (Remote Administration): Administrator, Admin2 or
Admin3

Is it possible to configure the above schema

a) with Active Directory
b) without Active Directory

The server where I want to create this security model is a standalone
Windows Server 2003 R2 SP2 Standart Edition with Remote Desktop for
Administration enabled.

Thanks in advance

Best regards

Alexej Buchholz

.

Follow-Ups:
- Re: Admins with limited rights
  - From: Roger Abell [MVP]

Prev by Date: Re: McAfee shuts off my computer
Next by Date: Re: MSN Virus
Previous by thread: Re: McAfee shuts off my computer
Next by thread: Re: Admins with limited rights
Index(es):
- Date
- Thread

Relevant Pages

RE: remote administration via hidden shares
... using the local administrator account, not all AV have the feature to ... remote administration via hidden shares ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
(Security-Basics)
Re: Why cant I remote-manage this *one* workstation?
... > do you have the admin shares on the computer, for example c$, Admin$, IPC$ ... For example IPC$ is used for remote administration. ... But if I try this from one of the DCs, as Administrator, ...
(microsoft.public.windows.group_policy)
Re: Admins with limited rights
... - having the ability to change the password of Administrator ... give admin 2 and 3 rights as required but do NOT ... Further Remote Administration through Terminal Services for Remote ...
(microsoft.public.security)
Re: Admins with limited rights
... trusted to not attempt to change their limitations, ... having the ability to change the password of Administrator ... Further Remote Administration through Terminal Services for Remote ... without Active Directory ...
(microsoft.public.security)
Re: Logon Failure User Account Restriction
... Active Directory and several XP Pro workstations attached to it. ... workstation that acts as a file server. ... enter 'administrator' and 'mypassword' to gain access. ... entirely, reinstalled XP, and only put on networking drivers. ...
(microsoft.public.windowsxp.basics)