Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Howto create an admin account on a win2k DC but deny access to AD
- Thread starter nat2345
- Start date
Hmm. I think you could be stuffed. I may be wrong - after all a bottle of red wine in the garden never helps...but I think that cos a DC is a DC then it doesn't have any local security options.
AD is so much a part of a DC that you cannot split it out.
M.
Hollingside Technologies, Making Technology work for you.
AD is so much a part of a DC that you cannot split it out.
M.
Hollingside Technologies, Making Technology work for you.
- Thread starter
- #3
Oh! here is a thing - in the OU (organisational units) in AD you can delegate authority to various users..can you also say who can and cannot manage the users? If so then you are away......just create a user that has admin rights, but deny him mangerial rights over the users at a root level...or do it the otherway around - create a new group of users who do have rights over the OUs and don't assign Mr Defrag to that group.
Does that make any sense?
I'll re-read all this again in the office tomorrow and wonder what I was on!
Hollingside Technologies, Making Technology work for you.
Does that make any sense?
I'll re-read all this again in the office tomorrow and wonder what I was on!
Hollingside Technologies, Making Technology work for you.
- Thread starter
- #5
- Status
Similar threads
- Locked
- Question
