Re: Local admin rights on a domain controller?

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 08/31/03 

Date: Sun, 31 Aug 2003 00:19:37 GMT

Hi William. What you ask can not be done. There are no local administrators on domain
controllers as you already probably know. You can do things to initially restrict
them, but ultimately they will be able to do whatever they want. Keep in mind that
since a W2K domain controller contains a writeable copy of the Active Directory for
the whole domain , it must be physically secured. You really need to consider a
separate W2K server for file and print sharing. The folks at the
win2000.active_directory newsgroup will be able to help you out also. Chapter nine
of the Deployment Guide and the Branch Office Guide are worth reading. --- Steve

http://www.microsoft.com/windows2000/techinfo/reskit/dpg/default.asp
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/branchoffice/default.asp
http://tinyurl.com/lqj5 --- Same as above, shorter link.

"William H. Hiatt III" <willyoupleaseiam@not.spam.hiatt.me.com.net> wrote in message
news:e04TeI1bDHA.880@TK2MSFTNGP09.phx.gbl...
> We are in the process of designing and piloting Active Directory. We have
> over 100+ remote offices, each one will receive a server that will be there
> local domain controller as well as file and print server.
>
> Here is my problem. I need to give certain groups local admin rights on
> their respective server in each office. However, I do NOT want them to have
> domain admin rights.
>
> Unfortunately, I don't know a single way of doing this, and was hoping you
> might be able to help. Any thoughts?
>
>
> Thank You
>
>
> William
>
>

Relevant Pages

  • Re: NT4 -> Win2K3 question
    ... disable SMB signing for the Workstation or Server service on a domain ... Get Secure! ... The File Replication Service Event log test ... controller to the following destination domain ...
    (microsoft.public.windows.server.migration)
  • Re: installing certificate server issues
    ... How to remove data in Active Directory after an unsuccessful domain ... unsuccessful domain controller demotion. ... require you to reinstall Microsoft Windows 2000 Server, ... The attributes of the NTDS Settings object include data representing how the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Mini-ITX PCs a the future of HA
    ... I can't see how you could ever leave a media server ... automation system so that bits can be distributed as required. ... theater controller scenario, ... What's connected to all the serial cards. ...
    (comp.home.automation)
  • Re: IBM ServerRAID 4L Problem
    ... Not SCSI but nice controller for a mid-range win2k03 .NET IIS ... Again using the 3HB I tried to install Win2k Server thinking it may be a ... driver problem with Linux but install halted at ntdll.dll can't be loaded. ... PCI slot, IRQ's, etc, can ...
    (comp.periphs.scsi)
  • Re: skalierbares und redundantes Speichersystem
    ... oder Controller für DAS) machen. ... wie siehts da eigentlich unter Linux samt Samba mit Laufwerken ... wenn der Platz nicht mehr reicht, Platten nachlegen, zweites Array ... interessante Server mit bis zu 15 internen Platten - auch auf Open-E ...
    (de.comp.hardware.laufwerke.festplatten)