Domain Admin administering Domain Computers

Domain Admin administering Domain Computers
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Domain Admin administering Domain Computers Merman 12-06-2005
Posted by Merman on December 6, 2005, 2:58 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Good day to you!

Is there a way for the Domain Admins to regain full access to the Computers
and Servers joined in the Domain?

Thanks.



Posted by Arek Iskra [MVP] on December 6, 2005, 3:41 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> Good day to you!
>
> Is there a way for the Domain Admins to regain full access to the
> Computers and Servers joined in the Domain?
>
> Thanks.
>

Do you mean to OU or physical access? Can you login to those machines as
Local Administrator?

If someone (say accidentally) removed your privileges you could utilize
Restricted Groups in GPO to make sure you always have the access necessary
and it can be automatically restored should someone remove your account
again. Unless it is not your case.

Just as a side note, it is not advisable to add Domain Admins to Local
Admnistrators group for security reasons. Instead, create a domain
account/group and delegate permissions to administer computers to that
account/group.

--
Arek Iskra
MVP for Windows Server - Software Distribution



Posted by Roger Abell [MVP] on December 6, 2005, 10:08 am
If you were  Registered and logged in, you could reply and use other advanced thread options
If you place those machines under the management scope of
and AD based GPO, and in that GPO use the policy to rename
the Administrator account to a known value and define a Restricted
Group setting for the Administrators group and in that definition set
the renamed Administrator and whatever domain group(s) and/or
accounts(s). Do not link such a GPO to the domain or DCs OU.

> Good day to you!
>
> Is there a way for the Domain Admins to regain full access to the
> Computers and Servers joined in the Domain?
>
> Thanks.
>



Similar ThreadsPosted
domaine vergabe free de domains domain de eu domain name registrieren de be domain July 28, 2008, 4:14 pm
Need a way to remove a certificate from domain computers June 2, 2008, 10:57 am
Restoring Administrative Rights to domain computers January 11, 2006, 7:54 pm
How to request client certificate, non domain computers December 5, 2007, 9:39 am
Domain Admin can't log into child domains February 15, 2006, 7:19 pm
Secured domain admin using MMC Snapins November 21, 2007, 10:26 am
2000 Domain Admin Security Best Practices October 17, 2005, 11:50 pm
How do I manage local admin accounts without a domain or ADS? November 16, 2005, 6:22 pm
Problem with Domain Admin becoming Administrator (builtin) April 11, 2006, 10:08 am
Built-in domain admin account password will expire January 3, 2007, 3:03 pm

The site map in XML format XML site map

Contact Us | Privacy Policy