I tried this last night on my test machine and the domain admins are automatically populated in the local admin group
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 25, 2004 15:17 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Remote Desktop i have a question here: unless something has changed, domain admins should be populated in the local administrators group when you join the domain.......so, by default they should have remote access rights. there are ways to block this with policy, and the most obvious one would be to use restricted groups on the local administrators group, without putting in domain admins. that could be pretty dangerous, although, a custom global group could be populated in there for the rights. but if everything is on the defaults, it should just be working on its own. what am i missing here? thanks |---------+----------------------------------> | | "Seyboldt, Volker" | | | <[EMAIL PROTECTED]| | | > | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 03/24/2004 02:29 PM | | | Please respond to | | | ActiveDir | | | | |---------+----------------------------------> >--------------------------------------------------------------------------- ---------------------------------------------| | | | To: <[EMAIL PROTECTED]> | | cc: | | Subject: RE: [ActiveDir] Remote Desktop | >--------------------------------------------------------------------------- ---------------------------------------------| yes you can You can use restricted groups in group policies to add any group you want to the local "Remote Desktop Users" at each PC. Members (Users and/or groups) of the PC's local ADministrator group are also automatically allowed to connect remotly.... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto Sent: Wednesday, March 24, 2004 9:16 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Remote Desktop Is there a way to add Domain Admins to the Remote Users of every pc in our Domain with AD and not go to every PC? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/