Re: prevent access to other files
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/18/03
- Next message: David C: "all accounts locked out"
- Previous message: anonymous_at_discussions.microsoft.com: "Pop ups from the messenger service"
- In reply to: Ahmed Nour: "prevent access to other files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 18 Oct 2003 09:18:39 -0700
You evidently did not read my reply to your earlier,
nearly identical post, as you have provided no new
information.
How do you make the domain user account local
administrators ? Specifically, are you only doing
this at the local machine or are you leveraging domain
group policy for this ?
Your earlier post with my reply is pasted at the end
of this posting.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Ahmed Nour" <anonymous@discussions.microsoft.com> wrote in message news:022d01c39570$0ad54290$a601280a@phx.gbl... > I have WIN2k Advanced Server Domain and about 50 clients > and each user has a user account to use it to log on the > domain > ,the major of the users' accounts are power users (with > respect to their pcs) > but some of them are local administrators (with respect > to their pcs) > and both of them are just normal domain users with > respect to the domain active directory > they are normal users > the problem is:-any user who has a local administrator > account could access any data located on any hard drives > of other pcs connected to the network except the servers > and I Want to prevent the local administrator to do so > > > > > I tried More And More But No result. > Help will be so much appreciated > > Best Regards:- > Ahmed Nour inlined . . . "Ahmed Nour" <anonymous@discussions.microsoft.com> wrote in message news:2ca1701c393eb$923ec250$a601280a@phx.gbl... > I have Win 2k Advanced Server Domain ,all of my users are > super user I take that to mean they are Power Users group members (?) > but some of them needs to install some programs > which need an administrative privillege so i create a > local administrator account for them to setup their appz . > but I found that any local admin could browse all data of > other domain clients(the same as domain admin) by "other domain clients" do you mean - on other machines in the domain if so, use a unique local admin account name on each machine, such as on MachineX have account MachineXadm - storage on same machine that belongs to different domain user accounts that use that machine if so, you can modify NTFS permissions so that the local admin has to take explicit actions to change them in order to get access to those storage area. > > help will be appreciated > Best regards -- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA
- Next message: David C: "all accounts locked out"
- Previous message: anonymous_at_discussions.microsoft.com: "Pop ups from the messenger service"
- In reply to: Ahmed Nour: "prevent access to other files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
