Re: Admin rights

From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
Date: Thu, 7 Sep 2006 18:06:00 -0700

"bharat" <u26323@uwe> wrote in message news:65f2cbdd41d7b@xxxxxx

need the solution to this

To what?
To

Is there a way to give a user admin rights on the server but prevent
them from changing the local administrator password?

??
If so there is none. Admin is admin and controls all accounts.

Roger Abell [MVP] wrote:

If you try to limit what an admin account can do you only end
up frustrating the holders of those account and not unavoidably
limiting them. If they want to get around what you have done to
limit them badly enough they can and will.

Why do they need to be administrators?
Can you not grant sufficient for them to do the monitoring that
you have mentioned? They do not need to be admins to use
an RDP login, so evidently you are not finding a way to allow
a plain user account to do the monitoring??

Is there a way to give a user admin rights on the server but prevent
them
from changing the local administrator password?

[quoted text clipped - 6 lines]

Thanks
Justin

References:
- Admin rights
  - From: Justin Rich
- Re: Admin rights
  - From: Roger Abell [MVP]
- Re: Admin rights
  - From: bharat

Prev by Date: Certificate Error
Next by Date: Granting domain accounts access to a workgroup resource
Previous by thread: Re: Admin rights
Next by thread: Re: Admin rights
Index(es):
- Date
- Thread

Relevant Pages

Re: Admin rights
... If you try to limit what an admin account can do you only end ... a plain user account to do the monitoring?? ... I have some users that need to use RDP to get on to a server to monitor ...
(microsoft.public.windows.server.security)
Re: Admin rights
... up frustrating the holders of those account and not unavoidably ... limiting them. ... a plain user account to do the monitoring?? ... from changing the local administrator password? ...
(microsoft.public.windows.server.security)
Re: Incoming E-Mail - cant create contact in OU
... central admin pool different than the web app. ... that account a little (if the web app is compromised or something, ... So I started with giving the app pool account domain admins permissions then ...
(microsoft.public.sharepoint.windowsservices)
Re: Security Breach in AD! Help!
... > about 5 minutes the user was removed from the built in admin group. ... > changed the default domain policy, the default domain controller policy, ... >> auditing of account logon for success and failure and account management ... >> success and failure in Domain Controller Security Policy. ...
(microsoft.public.win2000.security)
Re: cant verify disk
... She went to DU, and when she pressed "verify disk", it asked her user ... Disk Utility has required an administrator name and password for certain ... This is clearly a task which requires admin privileges, ... seriously mucked up with her user account settings in the NetInfo ...
(comp.sys.mac.system)