Child domain - Global group permissions
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I am having a problem assigning Domain Admin privileges in child domain. I
have normal user accounts in a parent domain that need Domain Admin
privileges in a child domain. Apparently by-design, this can't be done,
since the domain admins group is a global group.
Is there a work around or magic that will accomplish the same?
Rob
I am having a problem assigning Domain Admin privileges in child domain. I
have normal user accounts in a parent domain that need Domain Admin
privileges in a child domain. Apparently by-design, this can't be done,
since the domain admins group is a global group.
Is there a work around or magic that will accomplish the same?
Rob
More about : child domain global group permissions
Archived from groups: microsoft.public.win2000.security (More info?)
Microsoft's recommendation for permission delegations is "AGDLP"
This means you put _A_ccount to _G_lobal Group. You should place Global
group to (Domain) _L_ocal group and assign permission to it...
To put it another way. Create new Domain Local group and add Global group
from other domain. Assign permissions to your resource using newly created
Domain Local group...
I hope this helps,
Mike
"Rob" <rob john@hmmausa.com> wrote in message
news![:o]( ":o")
xWtOMXeEHA.556@tk2msftngp13.phx.gbl...
> I am having a problem assigning Domain Admin privileges in child domain.
I
> have normal user accounts in a parent domain that need Domain Admin
> privileges in a child domain. Apparently by-design, this can't be done,
> since the domain admins group is a global group.
>
> Is there a work around or magic that will accomplish the same?
>
> Rob
>
>
Microsoft's recommendation for permission delegations is "AGDLP"
This means you put _A_ccount to _G_lobal Group. You should place Global
group to (Domain) _L_ocal group and assign permission to it...
To put it another way. Create new Domain Local group and add Global group
from other domain. Assign permissions to your resource using newly created
Domain Local group...
I hope this helps,
Mike
"Rob" <rob john@hmmausa.com> wrote in message
news
xWtOMXeEHA.556@tk2msftngp13.phx.gbl...> I am having a problem assigning Domain Admin privileges in child domain.
I
> have normal user accounts in a parent domain that need Domain Admin
> privileges in a child domain. Apparently by-design, this can't be done,
> since the domain admins group is a global group.
>
> Is there a work around or magic that will accomplish the same?
>
> Rob
>
>
Related ressources:
- ForumLinking a GP to a Global Secuity Group
- ForumEnteprisesubordinate CA in parent: child domains
- ForumAdding user to Child Domain Group
- Foruma global group cannot have a cross- domain member
- Foruma global group cannot have a cross- domain member
- ForumDeny Permissions not effective on child OUs
- Forum[Long] Clearing GC check box caused child domain to be del..
- Forumactive directory in parent- child domain
- ForumGlobal Group Question
- ForumSecurity - Global group
- ForumChild Domains and GPO's
- Forumquestion about child and parent domains
- ForumAdministrator Permissions Not Applying in Domain
- ForumGroup Permissions not working on client computers
- ForumAD Replication of child domains
- ForumAllow domain user to change local permissions on domain co..
- ForumProblem: Permissions in AD
- ForumParallel and com ports not appearing in device manager
- ForumSystem32 permissions
- ForumDo not allow other domain user logon to specific workstation
- More resources
!
