They have those rights because of the fact they manage each a server? Because they have quiet a lot rights actually.
Perhaps review your security administration/architecture?
Best regards,
Bart
On 4/24/06, marwahashem <[EMAIL PROTECTED]> wrote:
Dear All ,
I have here in My Network 2 users as the following :-
User 1- He is Member of the follwoing group in Our Active Directory Domain:-
1. Account Operators.
2. Backup Operators.
3. DNS Admin.
4. Domain Admins.
5. Domain Computers.
6. Domain Users.
7. Enterprise Admin.
8. Group Policy Creator Owner.
9. Remote Desktop Users.
10. Schema Admin.
--------------------------------------------------------------------------
User 2- He is a member of the following groups:-
1- Account Operators.
2- Backup Operators.
3- Domain Admins.
4- Domain Users.
5- Enterprise Admin.
6- Remote Desktop Users.
7- Schema Admin.
8- Group Policy Creator.
=============================================================================
Now, Both Of them have 2 server speraatly and every one manage his server in
Our domain Alone with his user name and Password.
the First server is Axapta server & the Second is Normal Intranet server.
Both server are member of our domain.
we have only 1 domain with single forest with 2 DC.
Now, both of them when ever they want to access the Domain Controller By
using Terminal Service Or by Login to the domain controller while they are
standing of him by his user name & Passowrd instead of the Administrator
user name & Password, they are able completely without any Problem.
Due to that , we face some Problem with one of them Because he completely
did something to the Domain Controller .
Now, My Manager asked me to only allow User 2 to access the Domain
Controoler by his user name & Password & even By using Terminal service .
and he does not want any other Persons to have the chance to login to the
domain controller by his user name & Password & Even by using Termianl
Service or Remote Desktop Connection.\
Please guide me , what should i do in order to achive this , what should i
need to delete ?
Thanks & Best Regards,
Marwa,
Thanks & Best Regards,
Marwa,
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
