Re: local and domain 'administrator' account

From: Peter (pmkdatabase@yahoo.ca)
Date: 01/05/03 

From: pmkdatabase@yahoo.ca (Peter)
Date: Sun, 05 Jan 2003 03:01:06 GMT

Thanks, Benoit,

I am not being argumentative - I just want to understand this, and
all, this _is_ a MSPRESS book, Are you suggesting it is wrong?

Peter

On Sun, 05 Jan 2003 03:31:10 +0100, Benoit Boudeville
<bboudev-NOSPAM@club-internet.fr> wrote:

>
>On a DC the Administrator domain account is considered as local, just
>like if AD was the local accounts database.
>
>For workstations or member computers, it's the built-in local
>Administrator account, which is not Domain neither Enterprise Admins.
>
>
>
>Peter wrote:
>> The Microsoft Windows 2000 Administrator's Pocket Consultant states:
>>
>> "In a Windows 2000 domain, the Administrator local user is a member of
>> Domain Admins (and Enterprise Admins) by default. This means that if
>> someone logs on to a computer as the administrator and the computer is
>> a member of a domain, the user will have complete access to all
>> resources in the domain. To prevent this, you can remove the local
>> Administrator account from the Domain Admins (and Enterprise Admins)
>> group."
>>
>> This has got me a bit confused. I don't see a 'local' administrator in
>> these groups, only the builtin domain 'Administrator' account. Surely
>> that is not the same account - in my domain they have different
>> passwords, for starters. What am I missing?
>>
>> Thanks,
>>
>> Peter
>

Relevant Pages

  • Re: Login as local admin
    ... So if i basically ensure that my domain administrator account is a member of ... the schema admins, and enterprise admins, and login using these credentials, ... The article does not reference "local" administrator (as far as I ... If you choose to use an account other than the built-in administrator ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows Service - Event Log
    ... I didn't say the Administrator account. ... Administrators group on the local machine." ... I didn't advocate using a member of the Administrator's group; ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Setting a password on an AD account...
    ... I assume it's running in a restricted account right? ... You don't use SSL to bind, and as this runs from a server which is not a domain member (a ... this one fails when the current user is not an administrator on the DC. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Local user privileges
    ... On AD the user is member of "domain users". ... can see that the user login into the domain has administrator privileges. ... So my only option is to set the local account to ...
    (microsoft.public.win2000.group_policy)
  • Re: can a sysadmin change the win2000 domain admin password ?
    ... Pretty obviously if the person is a member of the Builtin\Administrator ... could change the password of the OS administrator account ... ... a person who is a member of the SysAdmin role can ...
    (microsoft.public.sqlserver.security)