Re: Admins with limited rights
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 2 Jul 2007 22:00:19 -0700
Members of Administrators are equal (although the built-in
has some diffs), and any attempt to change that can be reversed
by those one attempts to limit.
Assuming those with the "limited" admin accounts can be
trusted to not attempt to change their limitations, then the
question becomes, can one do the specific limitations you
have outlined. For each of those mentioned limitations
I can think of no way to effect them, with or without AD.
One could use ACLs on user objects in AD to do the first
set but you would end up limiting more than just the specific
"do not change" items you mentioned.
Roger
<cool_runn@xxxxxxxxxxx> wrote in message
news:1183377891.200393.185340@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have the following situation:
1 administrator who has material responsibility
2 administrators who act as assistants
What I would like to do is:
Create 2 accounts: Admin2 and Admin3
give them all rights except:
- having the ability to change the password of Administrator
- having the ability to change own rights
Further, Remote Administration through Terminal Services for Remote
Administration should be limited in the following way:
Console: only Administrator (direct console or mstsc.exe /console)
Terminal Session (Remote Administration): Administrator, Admin2 or
Admin3
Is it possible to configure the above schema
a) with Active Directory
b) without Active Directory
The server where I want to create this security model is a standalone
Windows Server 2003 R2 SP2 Standard Edition with Remote Desktop for
Administration enabled.
Thanks in advance
Best regards
Alexej Buchholz