List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] User with rights to join domain

Prev Next

You are not authorized to post a reply.

Author

Messages

osama_ssuetians User is Offline

Posts:0

10/22/2007 8:45 AM
Hi all, Basically all of our engineers are part of Domain admins. The reasons are as under a) They have to join workstation to our domain b) Install user software like Acrobat office 2003 etc. c) Access network resources Now we want to remove them from the domain admins group but want the above specified actions be performed from them Waiitng for a good solution in this regard Thanking You, Osama Faheem __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

ZJORZ

Posts:131

10/22/2007 8:51 AM
A) see: http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx B) create some group in AD and use the restricted groups feature in GPOs to populate the local administrators group on AD clients/servers with the group in AD (http://technet2.microsoft.com/windowsserver/en/library/2715d832-fe71-47f7-86fd-412f013a40cd1033.mspx?mfr=true & http://technet2.microsoft.com/windowsserver/en/library/156780ef-eb36-4433-b3fe-1b1a15c18f6a1033.mspx?mfr=true) C) Create groups in AD, make people a member of those groups and define the groups in ACEs on the ACL of the resources Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU ISA Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : ________________________________ From: ActiveDir-owner@mail.activedir.org on behalf of Osama Faheem Sent: Mon 2007-10-22 14:45 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] User with rights to join domain Hi all, Basically all of our engineers are part of Domain admins. The reasons are as under a) They have to join workstation to our domain b) Install user software like Acrobat office 2003 etc. c) Access network resources Now we want to remove them from the domain admins group but want the above specified actions be performed from them Waiitng for a good solution in this regard Thanking You, Osama Faheem __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] User with rights to join domain

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads