Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Restrict the Domain Admin

from [Raoul Armfield] Network Security [Permanent Link]
Subject: Re: Restrict the Domain Admin
Date: Fri, 16 Sep 2005 16:46:28 -0400
sf_mail_sbm@yahoo.com wrote: 
Hi List,
Is there a way to restrict access of a Domain Admin?

Example, can we allow a Dommain admin to do everything EXCEPT user management (e.g. password reset)? 

We want to secure our environment, and do not want to have "ALL-POWERFULL" 
domain admins around

Thanks for your suggestions

P.S. Environment: Windows (2000 & 2003) - Active Directory


Your best bet would be to do what we did in our environment. We gave rights as needed. We only have 4 Domain Level Admin accounts and those are only to be used when absolutely needed. Everyone uses an account that only has as much privileges as their job requires.

By doing this you can give them any rights that they might need.

Remember you WILL come across a situation where you want an "ALL-POWERFULL" domain admin account.

--
Raoul Armfield
Support Specialist
IT-Call Center
armfield at amnh dot org
American Museum of Natural History
Central Park West at 79th Street
New York, New York 10024-5192
(212) 313-7258

5152 1277 A04B 04C2 BBE4
3EE8 8369 3541 8B93 42DA

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Restrict the Domain Admin, G. Chomic
Next by Date:  Re: Restrict the Domain Admin, Pete Hunt
Previous by Thread:  Re: Restrict the Domain Admin, G. Chomic
Next by Thread:  Re: Restrict the Domain Admin, Pete Hunt
Indexes:  [Date] [Thread] [Top] [All Lists]