Re: How can I allow Domain User Accounts Admin rights on their loc
From: Colin Nash [MVP] (x_at_x)
Date: 10/17/04
- Next message: Shenan Stanley: "Re: How can I allow Domain User Accounts Admin rights on their loc"
- Previous message: Shenan Stanley: "Re: Owner\Administrator"
- In reply to: Patrick Parks: "Re: How can I allow Domain User Accounts Admin rights on their loc"
- Next in thread: Shenan Stanley: "Re: How can I allow Domain User Accounts Admin rights on their loc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 17 Oct 2004 02:07:08 -0400
"Patrick Parks" <PatrickParks@discussions.microsoft.com> wrote in message
news:410C3CE1-5309-4A41-8854-B04251101147@microsoft.com...
> Thanks, you say not recommended, why? Will this be a security threat to
> the
> server?
>
Ideally, users should not be administrators of workstations. Some times
this is necessary due to what the do, or due to office politics, but
generally it is best to limit them to the least privileges that they
actually need. If *your* account is a member of Domain Admins, then you
should already have admin rights when you log on. If there are other people
who will providing tech support but who don't need to manage the domain
itself, it would be a good idea to create a group on the domain called "IT
Staff" or something, and make this group a member of each workstation's
Administrators group. Put yourself and any other technicians/admins in that
group.
-- Colin Nash Microsoft MVP Windows Printing/Imaging/Hardware
- Next message: Shenan Stanley: "Re: How can I allow Domain User Accounts Admin rights on their loc"
- Previous message: Shenan Stanley: "Re: Owner\Administrator"
- In reply to: Patrick Parks: "Re: How can I allow Domain User Accounts Admin rights on their loc"
- Next in thread: Shenan Stanley: "Re: How can I allow Domain User Accounts Admin rights on their loc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
