1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

How to limit admin account permissions.

Discussion in 'Windows Home Server' started by Robert Hindla, Apr 20, 2009.

  1. Robert Hindla

    Robert Hindla Guest

    I need an admin account whose password other admin accounts can't change.

    The Microsoft way to make the administrator password inaccessible to other
    administrators is to force the creation of another security scope: a new
    box, a new domain, a new virtual machine.

    What I need is a way to keep battling adminstrators of the same domain from
    locking each other out.

    Can this be done, with or without other tools?

    The need is especially acute on laptops, whose owners should, kind of, have
    admin permissions, anyway. Some people are nice and won't mess with you.
    But you get wretched people too, people who should probably be driving cabs
    but get hired anyway who will make me use ERD to recover the password.

    Isn't anyway to get a programmer into Internet Services Manager without
    making him an admin? This is just wrong. I need to withhold configuration
    control from warring programmers.

    Considering these problems, I'm amazed Microsoft ever sold copy 1 in an
    enterprise environment. Nice desktop, but as an enterprise OS, the security
    features are lacking.
     
    Robert Hindla, Apr 20, 2009
    #1
  3. Meinolf Weber [MVP-DS]

    Meinolf Weber [MVP-DS] Guest

    Hello Robert,

    See my reply in microsoft.public.windows.server.active_directory and please
    do not multipost. Use crossposting with a newsreader like outlook express
    or another freeware newsreader.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


    > I need an admin account whose password other admin accounts can't
    > change.
    >
    > The Microsoft way to make the administrator password inaccessible to
    > other administrators is to force the creation of another security
    > scope: a new box, a new domain, a new virtual machine.
    >
    > What I need is a way to keep battling adminstrators of the same domain
    > from locking each other out.
    >
    > Can this be done, with or without other tools?
    >
    > The need is especially acute on laptops, whose owners should, kind of,
    > have admin permissions, anyway. Some people are nice and won't mess
    > with you. But you get wretched people too, people who should probably
    > be driving cabs but get hired anyway who will make me use ERD to
    > recover the password.
    >
    > Isn't anyway to get a programmer into Internet Services Manager
    > without making him an admin? This is just wrong. I need to withhold
    > configuration control from warring programmers.
    >
    > Considering these problems, I'm amazed Microsoft ever sold copy 1 in
    > an enterprise environment. Nice desktop, but as an enterprise OS, the
    > security features are lacking.
    >
     
    Meinolf Weber [MVP-DS], Apr 20, 2009
    #2

Share This Page