Restricting Domain Admins
From: Lee (lee_at_nowehere.com)
Date: 06/01/05
- Next message: Steven L Umbach: "Re: Restricting Domain Admins"
- Previous message: Steven L Umbach: "Re: Advice request: Backdoor hack on Windows Small Business Server"
- Next in thread: Steven L Umbach: "Re: Restricting Domain Admins"
- Reply: Steven L Umbach: "Re: Restricting Domain Admins"
- Reply: Joe Richards [MVP]: "Re: Restricting Domain Admins"
- Reply: Roger Abell: "Re: Restricting Domain Admins"
- Reply: Roger Abell: "Re: Restricting Domain Admins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 1 Jun 2005 17:32:42 +0100
Hi,
I would like to stop domain admins from being able to modify the membership
of the domain admins group.
I have modified the following security on thr domain admins group
Removed Write permission
Removed Modify permission
Removed modify owner permission
I have modified the following security on builtin\administrators group
Removed Write permission
Removed Modify permission
Removed modify owner permission
This appears to work fine.
However, after an hour or so, all the permissions that I have removed seem
to reappear, I am pretty sure no other domain admin is adding them back.
Any ideas ?
Thanks
Lee
- Next message: Steven L Umbach: "Re: Restricting Domain Admins"
- Previous message: Steven L Umbach: "Re: Advice request: Backdoor hack on Windows Small Business Server"
- Next in thread: Steven L Umbach: "Re: Restricting Domain Admins"
- Reply: Steven L Umbach: "Re: Restricting Domain Admins"
- Reply: Joe Richards [MVP]: "Re: Restricting Domain Admins"
- Reply: Roger Abell: "Re: Restricting Domain Admins"
- Reply: Roger Abell: "Re: Restricting Domain Admins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
