See http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phillip Partipilo
Sent: Tuesday, February 14, 2006
10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Local
admin priviledges
Curious, how do you d
curity.com/articles/Using-Restricted-Groups.html
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phillip
PartipiloSent: Tuesday, February 14, 2006 10:45 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Local admin
priviledges
Curious, how do you do that via GPO? a c
True, but theoretically no users know the local
administrator password on their PCs.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah
EigerSent: Tuesday, February 14, 2006 1:06 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Local admin
priviledges
Also
Subject: RE: [ActiveDir] Local
admin priviledges
Curious, how do you do that via GPO?
a custom ADM?
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman
@mail.activedir.orgSubject: RE: [ActiveDir] Local admin
priviledges
Ahh yes, we do have all users in one global group, and that
global group is auto-added to every local administrators group on each PC
through GPO. I guess that explains that.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim
ander Kooi
*Sent:* Tuesday, February 14, 2006 9:48 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Local admin priviledges
Being a local admin on a PC does not give them the ability to see
another machine's C$ share. This would occur if you added a group
(local admi
:* Tuesday, February 14, 2006 9:48 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Local admin priviledges
Being a local admin on a PC does not give them the ability to see
another machine's C$ share. This would occur if you added a group
(local admins) to the administrators g
Here are a couple
articles that compare rights.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_default_settings.mspx
http://uis.georgetown.edu/software/documentation/win2000/win2000.account.group.permissions.html
Thanks... ... ...
:48 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Local admin
priviledges
Being a local admin on a PC does not give them the ability
to see another machine's C$ share. This would occur if you added a group
(local admins) to the administrators group on all PCs and then added use
Our policy has always been to only give
those rights or permissions that are needed. 99% of our users are not admins of
their own systems and especially not local administrators. We only have 1 local
admin account, it is site specific so if compromised, it only affects that
site. Users wil
are users local admins on ALL clients (through some group that is a member of
local administrators on al clients) or only on their own client and not on
other clients?
if the latter is true, then the first thing that comes to mind is that the
clients were cloned but the machine SID was not reg
I think there is some fact missing here.
You need local admin privileges to see administrative shares (e.g., C$).
Just because you are an admin on your local computer, does not give you that
same right on someone else’s computer.
Mike Thommes
-Original Message-
From:
[EMA
Being a local admin on a PC does not give them the ability
to see another machine's C$ share. This would occur if you added a group
(local admins) to the administrators group on all PCs and then added users to
that group instead of doing it on a user by user basis. That said, I would look
fo
13 matches
Mail list logo
