Re: ACL Issue - Easy Question

From: Ben Smith [MS] (bensmi@microsoft.com)
Date: 08/09/02

• Next message: Ben Smith [MS]: "Re: Account getting locked out - Need to find out by whom!"
• Previous message: Ben Smith [MS]: "Re: SMTP banner mods ?"
• In reply to: Tom Baker: "ACL Issue - Easy Question"
• Next in thread: Tom Baker: "Re: ACL Issue - Easy Question"
• Reply: Tom Baker: "Re: ACL Issue - Easy Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Ben Smith [MS] <bensmi@microsoft.com>
Date: Fri, 9 Aug 2002 08:52:08 -0700

In article <uAoyZf7PCHA.2608@tkmsftngp10>, Tom Baker
(tdbaker@hotmail.com) writes...
> Hello Everyone,
>
> I have a situation where a few people need to be in the Administrator group
> on the DC's in our domain. What we do not want the mto be able to do is add
> either themselves or other people to the Domain Admins or Enterprise Admins
> group. My assumption is that I can go to the security tab on each of these
> objest and remove the the WRITE and Add Self permissions from the
> Administrators groups set of permissions. I just want to make sure that as
> soon as I do that, my weekend in going to be spent restoring AD because I
> have screwed the system up.
>
> Any feedback would be appreictaed.
>
> Tom Baker
>
>
>

Administrators are administrators. You should consider delegating
the authority to the non-adminstrators rather the altering the built-
in rights/permissions on the Administrators group.

-- 
Ben Smith
Microsoft Training and Certification
Are you secure? http://www.microsoft.com/security
This posting is provided “AS IS” with no warranties, and confers no 
rights.

• Next message: Ben Smith [MS]: "Re: Account getting locked out - Need to find out by whom!"
• Previous message: Ben Smith [MS]: "Re: SMTP banner mods ?"
• In reply to: Tom Baker: "ACL Issue - Easy Question"
• Next in thread: Tom Baker: "Re: ACL Issue - Easy Question"
• Reply: Tom Baker: "Re: ACL Issue - Easy Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages ACL Issue - Easy Question ... I have a situation where a few people need to be in the Administrator group ... either themselves or other people to the Domain Admins or Enterprise Admins ... objest and remove the the WRITE and Add Self permissions from the ... Any feedback would be appreictaed. ... (microsoft.public.win2000.security) Security Issue ... I removed domain admins from the local administrator group ... of a member server and they are denied access to ... (microsoft.public.win2000.security) Re: Domain Admin group in ISA 2006 ... If you can't trust the Domain Admins then the war is already over and you lost. ... ISA would be the last thing you have to worry about. ... subsequently remove Domain Admins from having the ISA Server Full ... (microsoft.public.isaserver)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint