Re: Domain security privileges and Group Policy
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Tue, 30 Jan 2007 17:29:24 -0700
You can make it more difficult for an admin or a DA to
do what they want, have their way with your deployment,
but you cannot stop them if they are determined.
Also, to get to that point of making it difficult, you need
to be pretty good at the settings, certainly better than they.
If they are not usefully restrained then your deployment
is open to the impact of their point and click experiments.
Roger
<j_pickett@xxxxxxxxxx> wrote in message
news:1170153923.428760.263490@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
I have a question which I hope somebody may have an answer to.
I would like to know whether there are any implications of making an
ordinary user a member of Domain Admins on a Windows 2003 domain while
at the same time placing said user into a restricted GPO.
What I would like to find out is whether by having the limitations of
the GP imposed on this user whether that would prevent said user from
being able to take advantage of the fact they're a member of Domain
Admins?
Any feedback on this would be greatly appreciated.
Thanks,
JP.
.
- References:
- Domain security privileges and Group Policy
- From: j_pickett
- Domain security privileges and Group Policy
- Prev by Date: Re: Domain security privileges and Group Policy
- Next by Date: Re: User can't access the server
- Previous by thread: Re: Domain security privileges and Group Policy
- Index(es):
Relevant Pages
|
|
