Re: Domain Controller Administration

From: Brian Rosario (brosario305_at_hotmail.com)
Date: 09/13/04 

Date: Mon, 13 Sep 2004 10:44:17 -0700

Mike,

Thanks for the information. But will this allow the user
to install, uninstall or update applications without
making them domain admins?

I will keep working on this.

Thanks,
Brian
>-----Original Message-----
>Hi Brian,
>
>What kind of access do they need? Local logon or
Terminal Services Access?
>Domain Controller policy can be configured in a way
that "normal" users can
>logon either locally or using Terminal Services... Still
you should keep
>amount of users that have this rights to the minimum.
>
>Here is what you need to do. Open Domain Controller OU
and Edit it's policy.
>Drill down under Computer Configuration -> Windows
Settings -> Security
>Settings -> Local Policy -> User Rights Assignment. Here
look for policy
>e.g. "Allow logon locally" and double click on the
policy. Click on Add
>Users and Groups and add a group of users that should
have the right to
>logon locally to this server.
>
>You either need to wait for new policy to "kick in",
force replication of
>reboot the CD.
>
>I hope this helps,
>
>Mike
>
>"Brian Rosario" <brosario305@hotmail.com> wrote in
message
>news:14c301c499a1$6f083610$a401280a@phx.gbl...
>> We have domain controllers that are also application
>> servers at our branch locations. Currently we have too
>> many domain administrators because application support
>> people need admin priviledges to support the
>> applicaitons. We have set up the applicaiton support
>> people as local admins on member servers but now I need
>> to do something on the domain controllers. Is there
some
>> sort of role I can give the application support people
on
>> the domain controllers so they don't have to be domain
>> admins. We are a W2K shop with AD. Somebody please
help.
>
>
>.
>

Relevant Pages

  • Domain Controller Administration
    ... We have domain controllers that are also application ... servers at our branch locations. ... many domain administrators because application support ... people as local admins on member servers but now I need ...
    (microsoft.public.win2000.security)
  • Re: Domain Controller Administration
    ... Only domain admins can install applications, critical updates, change hardware, ... reconfigure tcp/ip, etc on domain controllers. ... > many domain administrators because application support ...
    (microsoft.public.win2000.security)
  • en Wikipedia: "Please read: A personal appeal from Wikipedia founder Jimmy Wales."
    ... i may as well send this about once per year (seems like that how often i see the appeals for financial support). ... I might support hearing an appeal of his indefinite ban in order to consider an alternative remedy but will not unblock him at this time. ... there is also some discussion of this on my talk page, but i think the RFAr and AN/I has all of the discussion and links to the edits in question. ... i'll admit that i am flypaper for abusive admins. ...
    (comp.dsp)
  • Re: dns administration delegation
    ... domain controllers are in site B ... I want admins from site A to be able to manage only the DNS servers at ... and have always done it with a GPO to delegate control of the service. ... I am not even sure that permissions you are actually delegating there -- ...
    (microsoft.public.windows.server.dns)
  • RE: Must be a member of domain admins...
    ... If you have multiple domain controllers, ... on the network are assigned as a Global Catalog server. ... Remove and re-add Domain Admins, Schema Admins, and Enterprise Admins to ... and Enterprise Admins group from the built-in Adminstrator account. ...
    (microsoft.public.windows.server.sbs)