Re: restrict reset of Admin Password

From: Altria (urbantec92_at_msn.com)
Date: 03/11/04 

Date: Thu, 11 Mar 2004 11:56:17 -0500

Hello Steven,
Thanks for the rapid reply...I will look into delegation.
Also, the answer you provided includes change of Admin password at the local
machine (server) is also not possible.
Thanks,
Altria
"Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
news:bC%3c.32734$PY.73@newssvr26.news.prodigy.com...
> Server operators and account operators can not reset or otherwise modify
> user accounts that are administrators, though other administrators in the
> domain can or anyone in the enterprise admins group for the forest. You
> could also look into AD delegation at the domain or OU level that will
allow
> you to delegate many rights to a user without special group membership
> including adding computers and users to the domain. At the domain or OU
> level right click the container and select delegate to start the
delegation
> wizard which includes common tasks and also allows you to add custom
tasks.
> Also look in help for delegate or delegation. --- Steve
>
>
> "Altria" <urbantec92@msn.com> wrote in message
> news:#uFrYs3BEHA.3344@tk2msftngp13.phx.gbl...
> > Hello All,
> > Is there a way that I can have my staff not be able to reset the Admin
> > password and leave them with group membership of server operators and
> > account operators. I give these priviledges to them so that they are
able
> to
> > join computers and users onto the domain during rollout. Or is it better
> to
> > create a temporary account and delete it afterwards with the appropriate
> > permissions. In most cases what priviledges are given to support staff?
I
> > would like to limit as much as I can but I would like them to get on
with
> > thier daily duties?
> > My Main concern is the Admin password reset though.
> > TIA,
> > Altria
> >
> >
>
>

Relevant Pages

  • Re: Unix Bind and Windows DNS coexist problem with forwarder ON
    ... not a web server. ... Here is the MS KB link of how i setup in Microsoft DNS server. ... I setup delegation in UNIX BIND server to Windows 2003 ... >>> The above does not describe delegation. ...
    (microsoft.public.windows.server.dns)
  • Re: PROBLEM: ASP on IIS 5 secured via "Windows Integrated Authentication" accessing "
    ... I have two virtual directories on same server with Integrated ... If i use basic authentication, ... as .NET framework config file) as well as Delegation as specified by the ... > could do whatever you want in your ASP page on behalf of the Domain Admin. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Using NT Authentication with Linked Server
    ... You are running into a double hop (or delegation) scenario. ... User trying to connect to SQL Server is not sensitive and can be ... how to register SPNs for your SQL Service account). ... Use sp_addlinkedsrvlogin on the first linked server (server B in your ...
    (microsoft.public.sqlserver.security)
  • Re: Windows (Trusted) Authentication and SQL Server
    ... I can still run the application when logged in locally to the IIS machine, ... > The account whose credentials are being delegated must be a domain account ... > be marked in Active Directory as trusted for delegation. ... > Server) does not need to be marked as trusted. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Choosing between ASTs and Threads
    ... While I haven't used VMS since long before threads existed there, ... > True Master/Slave scenario, ... (and of course such delegation has significant overheads of its own): ... > connections to a VMS server application. ...
    (comp.os.vms)