Re: Computer Management Security Question
From: Danny Sanders (Danny.Sanders_at_cpcNOmedSPAM.org)
Date: 07/27/04
- Next message: Tim Springston [MSFT]: "Re: passfilt.dll"
- Previous message: GRCC: "Authenticated users question"
- In reply to: Dave W.: "Computer Management Security Question"
- Next in thread: Dave W.: "Re: Computer Management Security Question"
- Reply: Dave W.: "Re: Computer Management Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Jul 2004 14:29:23 -0600
Sounds like you made your users domain admins instead of admin of their
local computer.
If so take them out of the domain admin group and, from their local computer
add their domain account to the local admin group.
They will be able to install, update, their local computer but no control
over the domain controllers.
hth
DDS W 2k MVP MCSE
"Dave W." <DaveW@discussions.microsoft.com> wrote in message
news:4CF603E6-B7BF-4382-8080-E6CF7C9AD2D6@microsoft.com...
> We use a Windows 2003 DC and have found that all of our users can choose
the "Manage" on "My Computer" and then choose the domain controller PC as
the PC to manage. They can then add shares, shut down services, etc. which
defeats all the security.
>
> How can I prevent users from specifying another computer name in the
computer management console snap-in and/or how do I restrict a computer from
allowing on specific users to connect.
>
> Note that all of our users are administrators which I know is bad, but
they are software developers and need to constantly re-install, update
registries, etc.
>
>
- Next message: Tim Springston [MSFT]: "Re: passfilt.dll"
- Previous message: GRCC: "Authenticated users question"
- In reply to: Dave W.: "Computer Management Security Question"
- Next in thread: Dave W.: "Re: Computer Management Security Question"
- Reply: Dave W.: "Re: Computer Management Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
