Re: Allowing a Domain User Admin Rights to a Couple of Domain Servers

From: Matt Gibson (mattg_at_blueedgetech.ca)
Date: 06/30/05 

Date: Wed, 29 Jun 2005 20:55:58 -0700

Depends if these machines are domain controllers or not.

If they're domain controllers, then you're pretty much out of luck. A full
admin on a DC is basically an admin of the network.

If they're not DCs, then you can just give his user (in AD) only logon
rights to those two servers.

Matt Gibson - GSEC

<inteltech@gmail.com> wrote in message
news:1120101232.707852.206150@g47g2000cwa.googlegroups.com...
> Hello All
>
> I am looking for a little assistance...
>
> Within our company we have two servers that have a different
> administrator to the rest of the network.
>
> Currently the administrator of these servers uses the domain
> administrator username/password to perform his admin tasks on the
> server, but has also been know to use this account for other purposes.
>
> So what I would like to do, is provide him with an account that ONLY
> has administrator rights on this two machines that he requires
> administrator access too.
>
> Something like user account within Windows XP on the domain server
> would do the trick... but no!
>
> Does anyone have any ideas/advise for this?
>
> Thanks in advance
>
> David
>

Relevant Pages

  • Re: Inheriting network, first steps?
    ... determine that you can log in with the highest admin rights on each box ... Domain controllers first, critical servers next, etc. ... inventory all accounts with admin rights, ...
    (microsoft.public.windows.server.security)
  • Re: Changing Administrator Password On Server 2003 Domain Controll
    ... you should limit use of Administrator account for logging into domain ... It is in fact the Domain Administrator password I am speaking of. ... the same password will then be required on DC Two and the Member Servers ... on domain controllers there is DSRM ...
    (microsoft.public.windows.server.general)
  • Re: Changing Administrator Password On Server 2003 Domain Controll
    ... you should limit use of Administrator account for logging into domain ... It is in fact the Domain Administrator password I am speaking of. ... the same password will then be required on DC Two and the Member Servers ... on domain controllers there is DSRM ...
    (microsoft.public.windows.server.general)
  • Re: Allowing a Domain User Admin Rights to a Couple of Domain Servers
    ... Even on a DC a "full admin" as in member of Administrators is only ... > rights to those two servers. ... >> administrator to the rest of the network. ...
    (microsoft.public.windows.server.security)
  • Re: Server access restriction
    ... You can not really limit a domain admin as they are an administrator for the ... domain, for all domain controllers, and all domain computers. ... servers is substantial. ...
    (microsoft.public.security)