delegate permissions to logon dc-servers

Guest
Archived from groups: microsoft.public.win2000.active_directory

In Active Directory I can prevent a user from logging on to every workstation. I
can make him log on only to the workstations I select. How can I do the same
thing with a user who should only log on to one domain controller with a
specific admin account?

Guest

You really can't. The domain controllers of a domain share the same security
settings.

Anyway, for security reasons, the only people who should be able to write to the
filesystem, modify services, or log on interactively to DCs should be domain
admins and they should also all be enterprise admins. Escalation from
interactive access to full enterprise admin rights can be accomplished by
someone who knows what they are doing.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


DG wrote:
> In Active Directory I can prevent a user from logging on to every workstation. I
> can make him log on only to the workstations I select. How can I do the same
> thing with a user who should only log on to one domain controller with a
> specific admin account?
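
Added example, not part of the original thread: because all DCs share one set of user-rights assignments, a practical check on the advice above is to audit who holds the interactive logon rights in the policy applied to domain controllers. The sketch below parses a constructed security-template file (the format written by `secedit /export`) and lists holders outside an allow-list; the allow-list, the sample SIDs and the function names are assumptions made for illustration.

```python
import re

# Rights that allow an interactive session on a DC (console and RDP).
LOGON_RIGHTS = ("SeInteractiveLogonRight", "SeRemoteInteractiveLogonRight")

# Assumption: BUILTIN\Administrators plus the Domain Admins (RID 512) and
# Enterprise Admins (RID 519) groups are the only acceptable holders.
ALLOWED = re.compile(r"^S-1-5-32-544$|^S-1-5-21-\d+-\d+-\d+-(512|519)$")

# Constructed sample in security-template format; the domain SID is made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-548,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-512
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
"""

def logon_right_holders(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    holders, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        right, _, value = line.partition("=")
        if right.strip() in LOGON_RIGHTS:
            # SIDs are written with a leading '*'; unresolved names have none.
            names = [p.strip().lstrip("*") for p in value.split(",")]
            holders[right.strip()] = [n for n in names if n]
    return holders

def unexpected_holders(inf_text):
    """Return sorted (right, principal) pairs held by anyone outside ALLOWED."""
    found = logon_right_holders(inf_text)
    return sorted((r, p) for r, ps in found.items()
                  for p in ps if not ALLOWED.match(p))

if __name__ == "__main__":
    for right, principal in unexpected_holders(SAMPLE_INF):
        print(f"{right}: review {principal}")
```

In the sample, Account Operators (S-1-5-32-548), Backup Operators (S-1-5-32-551) and one individual account are reported for review.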