local user creation on W2K server DC

Archived from groups: microsoft.public.win2000.security (More info?)

Is it possible to create a local user on a Windows 2000 Server domain
controller? If so how or where. Thanks
6 answers Last reply
More about local user creation server
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    No. There's no concept of a local user on a DC. All users created on a DC
    are domain users.

    What is it you are trying to accomplish?

    --
    Bob McCoy
    * This posting is provided "AS IS" with no warranties, and confers no
    rights.
    * Please note I cannot respond to email questions. Please use these
    newsgroups.


    "Brian" <Brian@discussions.microsoft.com> wrote in message
    news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
    > Is it possible to create a local user on a Windows 2000 Server domain
    > controller? If so how or where. Thanks
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    That can not be done. There is only one local user on a domain controller -
    the built in administrator account used for Recovery Console and Directory
    Services Restore. Beyond that you will have to rely on user rights,
    privileged group membership [server operators and such], and maybe Group
    Policy [software installation] to give a user more powers on a domain
    controller without actually making them a domain admin. If you want a non
    domain admin to create and manage users/groups/Group Policy, that can be
    done via user delegation which give a users additional permissions to an
    Active Directory object or container. -- Steve


    "Brian" <Brian@discussions.microsoft.com> wrote in message
    news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
    > Is it possible to create a local user on a Windows 2000 Server domain
    > controller? If so how or where. Thanks
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    If you remove an account from Domain Users, or if a DC
    local admin is your objective from Domain Admins, then
    you can start to come close to a local account by placing
    that account instead in Users or Administrators. As much
    that is domain-wide is granted in terms of the Domain Users
    and Domain Admins groups this does limit the account
    down somewhat - but it is still a domain account.

    I am left at the same point as Bob when he asked What
    is it that you are trying to do?
    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Brian" <Brian@discussions.microsoft.com> wrote in message
    news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
    > Is it possible to create a local user on a Windows 2000 Server domain
    > controller? If so how or where. Thanks
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    I was just trying to create less privaled local account for some
    applications running on this server like SQL. Thanks
    "Brian" <Brian@discussions.microsoft.com> wrote in message
    news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
    > Is it possible to create a local user on a Windows 2000 Server domain
    > controller? If so how or where. Thanks
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    SQL Server can and should be installed/configured to run with
    the main and the agent account being just plain user accounts.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Brian" <sendnospam@nowhere.com> wrote in message
    news:e4qV22B7EHA.2016@TK2MSFTNGP15.phx.gbl...
    > I was just trying to create less privaled local account for some
    > applications running on this server like SQL. Thanks
    > "Brian" <Brian@discussions.microsoft.com> wrote in message
    > news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
    > > Is it possible to create a local user on a Windows 2000 Server domain
    > > controller? If so how or where. Thanks
    >
    >
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    Remember, there is no concept of "least privileged" when you log on
    interactively to a domain controller.

    The assumption is that if you can put hands on the box, you can "0wn" that
    box. This is why we emphatically state that physical security for domain
    controllers is *critical path* important.


    "Brian" <sendnospam@nowhere.com> wrote in message
    news:e4qV22B7EHA.2016@TK2MSFTNGP15.phx.gbl...
    >I was just trying to create less privaled local account for some
    > applications running on this server like SQL. Thanks
    > "Brian" <Brian@discussions.microsoft.com> wrote in message
    > news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
    >> Is it possible to create a local user on a Windows 2000 Server domain
    >> controller? If so how or where. Thanks
    >
    >
Ask a new question

Read More

Security Windows 2000 Microsoft Servers Windows