Re: Domain Rights
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Sep 2006 23:14:51 -0500
No that is not possible and can not be delegated using AD permissions. By
their nature domain controllers contain very sensitive information including
a writeable copy of Active directory and need to be managed by a trusted
domain level administrator. It is possible to dcpromo a domain controller
remotely if need be or manage it via Terminal Services remote
administration.
Steve
<chip33az@xxxxxxxxxxxx> wrote in message
news:1157580298.551149.166730@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
I work for a large company with several remote administrators. These
administrators need to be able to add/modify/delete accounts and
computers. They are not allowed to be Domain Administrators.
We did that through permissions on OUs and granting them rights to
local computer systems.
Is it possible to grant them rights to work on domain controllers
(install patches) without making them domain admins?
Thanks.
.
- References:
- Domain Rights
- From: chip33az
- Domain Rights
- Prev by Date: Re: How to remove, disable the smart card on the login
- Next by Date: Re: How to remove, disable the smart card on the login
- Previous by thread: Domain Rights
- Next by thread: Re: Prevent users creating or renaming folders in top 2 folder levels
- Index(es):
Relevant Pages
|
|
