Re: Account question
From: Victor Matei (rvf_at_bebe.moc)
Date: 05/09/03
- Next message: Matthew Mucker [MSFT]: "Re: Q377623 hoax?????"
- Previous message: Boogie Woogie Flu: "Re: Spooler subsystem app accessing DNS"
- In reply to: Joe Richards [MVP]: "Re: Account question"
- Next in thread: Joe Richards [MVP]: "Re: Account question"
- Reply: Joe Richards [MVP]: "Re: Account question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 9 May 2003 15:28:46 -0400
Suppose a user removed every account except his local username from their
local Administrators group of their Windows XP workstation.
How can administrative access be regained ?
I looked into using the Restricted Groups usage in the Group policy, however
am not familiar with this feature, apparently it does not deal with local
groups for the workstation.
Thank you for your reply.
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:u75SdtcFDHA.1840@TK2MSFTNGP10.phx.gbl...
> You really don't think you could because the self would only apply to its
own object. I.E. The user and his/her own
> object, a computer and its own object. When you add a user to a group you
actually modify the member attribute of the
> group.
>
> By default people can't add themselves to group, some access has to be
given them to do it.
>
> What are the details of your root problem and the desired goal.
>
> --
> Joe Richards
> www.joeware.net
>
> --
>
> "Victor Matei" <rvf@bebe.moc> wrote in message
news:OR736rWFDHA.1660@TK2MSFTNGP10.phx.gbl...
> > How would you use the "Self" to prevent any accounts from adding
themselves
> > to a security group ?
> >
> > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> > news:O9Wl5WPFDHA.432@TK2MSFTNGP12.phx.gbl...
> > > Not sure if I have ever seen it documented.
> > >
> > > Self is literally self. If you give modify rights for the description
> > attribute to all objects in a container and it has
> > > a user named User1 and a computer named Computer1. User1 could modify
> > description on User1 and Computer1 could modify
> > > description on Computer1 but they couldn't modify each other.
> > >
> > > --
> > > Joe Richards
> > > www.joeware.net
> > >
> > > --
> > >
> > > "Victor Matei" <rvf@bebe.moc> wrote in message
> > news:uZtfmgMFDHA.1548@TK2MSFTNGP12.phx.gbl...
> > > > Can anyone point to a more exhaustive description and explanation of
the
> > > > "SELF" account in AD ?
> > > > And an example how this is supposed to be used properly ?
> > > > Thanks in advance.
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Matthew Mucker [MSFT]: "Re: Q377623 hoax?????"
- Previous message: Boogie Woogie Flu: "Re: Spooler subsystem app accessing DNS"
- In reply to: Joe Richards [MVP]: "Re: Account question"
- Next in thread: Joe Richards [MVP]: "Re: Account question"
- Reply: Joe Richards [MVP]: "Re: Account question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
