Archived from groups: microsoft.public.win2000.group_policy
Hi
I need to lock out a client with Admin rights from modifying the GPO or audit
his modifications to the GPO. I have been seeing modifications to the GPO that are
strange. Is there a way to find out who is modifying the GPO?
Archived from groups: microsoft.public.win2000.group_policy
If you want to prevent an admin from managing GPOs, then don't make them an
admin.
It does not matter if you set specific deny ACLs on GPOs. The admin can
take ownership of the object and grant herself access.
You can audit policy change. But the admin can stop auditing or can cover
her tracks by deleting the audit events in the security log.
It is pointless to go down this path. Untrusted users should not be
administrators.
--
Glenn L
CCNA, MCSE 2000/2003 + Security
"DanielM" <DanielM@discussions.microsoft.com> wrote in message
news7430169-9C9C-4FD8-B105-226034A139B2@microsoft.com...
> Hi
>
> I need to lock out a client with Admin rights from modifying the GPO or
> audit
> his modifications to the GPO. I have been seeing modifications to the GPO that are
> strange. Is there a way to find out who is modifying the GPO?
>
>
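
An added example, not part of the original thread: the reply's point that an admin can clear the Security log or turn auditing off means the audit trail is only useful once it is forwarded to a collector that admin does not control, and that the tampering events themselves are worth alerting on. The sketch assumes Windows Server 2008 or later event IDs (5136, 1102, 4719; Windows 2000 numbered these differently) and simplified, constructed records with hypothetical account names and GUIDs.

```python
# Security-log event IDs on Windows Server 2008+ (assumption: newer than the
# Windows 2000 systems discussed in the thread).
GPO_CHANGE = 5136     # a directory service object was modified
LOG_CLEARED = 1102    # the audit log was cleared
AUDIT_POLICY = 4719   # system audit policy was changed

# Constructed sample records, as they might look after forwarding to a
# collector the audited admin cannot reach. Keys are simplified; all names
# and the GPO GUID are made up.
SAMPLE_EVENTS = [
    {"id": 5136, "time": "2024-05-01T09:12:03", "user": "CORP\\jdoe",
     "object_class": "groupPolicyContainer", "attribute": "versionNumber",
     "dn": "CN={11111111-2222-3333-4444-555555555555},CN=Policies,"
           "CN=System,DC=corp,DC=example"},
    {"id": 5136, "time": "2024-05-01T09:13:40", "user": "CORP\\asmith",
     "object_class": "user", "attribute": "description",
     "dn": "CN=Bob,OU=Staff,DC=corp,DC=example"},
    {"id": 4719, "time": "2024-05-01T09:15:10", "user": "CORP\\jdoe"},
    {"id": 1102, "time": "2024-05-01T09:16:55", "user": "CORP\\jdoe"},
]


def triage(events):
    """Return (gpo_changes_by_user, tamper_alerts) from forwarded events."""
    changes, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        is_gpo = ev.get("object_class") == "groupPolicyContainer"
        if ev["id"] == GPO_CHANGE and is_gpo:
            # Answers "who modified the GPO": group edits by account.
            changes.setdefault(ev["user"], []).append(
                (ev["time"], ev["dn"], ev["attribute"]))
        elif ev["id"] in (LOG_CLEARED, AUDIT_POLICY):
            # Tampering signal; note if the same account edited a GPO earlier.
            kind = ("log_cleared" if ev["id"] == LOG_CLEARED
                    else "audit_policy_changed")
            alerts.append({"time": ev["time"], "user": ev["user"],
                           "kind": kind,
                           "after_gpo_change": ev["user"] in changes})
    return changes, alerts


if __name__ == "__main__":
    gpo_changes, tamper = triage(SAMPLE_EVENTS)
    for user, edits in gpo_changes.items():
        print(user, "modified", len(edits), "GPO attribute(s)")
    for alert in tamper:
        print("ALERT", alert)
```

This only narrows the gap the reply describes: an account with domain admin rights can still disable forwarding, so the collector and its alerting need to sit outside that account's control.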