Re: Domain security privileges and Group Policy



Hello j_pickett@xxxxxxxxxx,

If he is a domain admin, he can still change all policies you configure. So it makes no sense. Why should he have the right?

If he should not have domain admin rights, DON'T make him domain admin!!!

Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.



Hello,

I have a question which I hope somebody may have an answer to.

I would like to know whether there are any implications of making an
ordinary user a member of Domain Admins on a Windows 2003 domain while
at the same time placing said user into a restricted GPO.
What I would like to find out is whether having the limitations of
the GP imposed on this user would prevent said user from
being able to take advantage of the fact they're a member of Domain
Admins?
Any feedback on this would be greatly appreciated.

Thanks,
JP.

