local user creation on W2K server DC
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
Is it possible to create a local user on a Windows 2000 Server domain
controller? If so how or where. Thanks
Is it possible to create a local user on a Windows 2000 Server domain
controller? If so how or where. Thanks
More about : local user creation w2k server
Archived from groups: microsoft.public.win2000.security (More info?)
No. There's no concept of a local user on a DC. All users created on a DC
are domain users.
What is it you are trying to accomplish?
--
Bob McCoy
* This posting is provided "AS IS" with no warranties, and confers no
rights.
* Please note I cannot respond to email questions. Please use these
newsgroups.
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
No. There's no concept of a local user on a DC. All users created on a DC
are domain users.
What is it you are trying to accomplish?
--
Bob McCoy
* This posting is provided "AS IS" with no warranties, and confers no
rights.
* Please note I cannot respond to email questions. Please use these
newsgroups.
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
Archived from groups: microsoft.public.win2000.security (More info?)
That can not be done. There is only one local user on a domain controller -
the built in administrator account used for Recovery Console and Directory
Services Restore. Beyond that you will have to rely on user rights,
privileged group membership [server operators and such], and maybe Group
Policy [software installation] to give a user more powers on a domain
controller without actually making them a domain admin. If you want a non
domain admin to create and manage users/groups/Group Policy, that can be
done via user delegation which give a users additional permissions to an
Active Directory object or container. -- Steve
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
That can not be done. There is only one local user on a domain controller -
the built in administrator account used for Recovery Console and Directory
Services Restore. Beyond that you will have to rely on user rights,
privileged group membership [server operators and such], and maybe Group
Policy [software installation] to give a user more powers on a domain
controller without actually making them a domain admin. If you want a non
domain admin to create and manage users/groups/Group Policy, that can be
done via user delegation which give a users additional permissions to an
Active Directory object or container. -- Steve
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
Archived from groups: microsoft.public.win2000.security (More info?)
If you remove an account from Domain Users, or if a DC
local admin is your objective from Domain Admins, then
you can start to come close to a local account by placing
that account instead in Users or Administrators. As much
that is domain-wide is granted in terms of the Domain Users
and Domain Admins groups this does limit the account
down somewhat - but it is still a domain account.
I am left at the same point as Bob when he asked What
is it that you are trying to do?
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
If you remove an account from Domain Users, or if a DC
local admin is your objective from Domain Admins, then
you can start to come close to a local account by placing
that account instead in Users or Administrators. As much
that is domain-wide is granted in terms of the Domain Users
and Domain Admins groups this does limit the account
down somewhat - but it is still a domain account.
I am left at the same point as Bob when he asked What
is it that you are trying to do?
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
Related ressources
- user profiles on a dc - Forum
- how to add xp power user to local computer in DC GP? - Forum
- What would happen if a solo W2K DC were to crash, and the .. - Forum
- A Very Sick W2K Server - Forum
- local admin GPO w2k server not applying - Forum
Archived from groups: microsoft.public.win2000.security (More info?)
I was just trying to create less privaled local account for some
applications running on this server like SQL. Thanks
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
I was just trying to create less privaled local account for some
applications running on this server like SQL. Thanks
"Brian" <Brian@discussions.microsoft.com> wrote in message
news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> Is it possible to create a local user on a Windows 2000 Server domain
> controller? If so how or where. Thanks
Archived from groups: microsoft.public.win2000.security (More info?)
SQL Server can and should be installed/configured to run with
the main and the agent account being just plain user accounts.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Brian" <sendnospam@nowhere.com> wrote in message
news:e4qV22B7EHA.2016@TK2MSFTNGP15.phx.gbl...
> I was just trying to create less privaled local account for some
> applications running on this server like SQL. Thanks
> "Brian" <Brian@discussions.microsoft.com> wrote in message
> news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> > Is it possible to create a local user on a Windows 2000 Server domain
> > controller? If so how or where. Thanks
>
>
SQL Server can and should be installed/configured to run with
the main and the agent account being just plain user accounts.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Brian" <sendnospam@nowhere.com> wrote in message
news:e4qV22B7EHA.2016@TK2MSFTNGP15.phx.gbl...
> I was just trying to create less privaled local account for some
> applications running on this server like SQL. Thanks
> "Brian" <Brian@discussions.microsoft.com> wrote in message
> news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
> > Is it possible to create a local user on a Windows 2000 Server domain
> > controller? If so how or where. Thanks
>
>
Archived from groups: microsoft.public.win2000.security (More info?)
Remember, there is no concept of "least privileged" when you log on
interactively to a domain controller.
The assumption is that if you can put hands on the box, you can "0wn" that
box. This is why we emphatically state that physical security for domain
controllers is *critical path* important.
"Brian" <sendnospam@nowhere.com> wrote in message
news:e4qV22B7EHA.2016@TK2MSFTNGP15.phx.gbl...
>I was just trying to create less privaled local account for some
> applications running on this server like SQL. Thanks
> "Brian" <Brian@discussions.microsoft.com> wrote in message
> news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
>> Is it possible to create a local user on a Windows 2000 Server domain
>> controller? If so how or where. Thanks
>
>
Remember, there is no concept of "least privileged" when you log on
interactively to a domain controller.
The assumption is that if you can put hands on the box, you can "0wn" that
box. This is why we emphatically state that physical security for domain
controllers is *critical path* important.
"Brian" <sendnospam@nowhere.com> wrote in message
news:e4qV22B7EHA.2016@TK2MSFTNGP15.phx.gbl...
>I was just trying to create less privaled local account for some
> applications running on this server like SQL. Thanks
> "Brian" <Brian@discussions.microsoft.com> wrote in message
> news:0B396189-342C-410B-970E-C3A1072D0335@microsoft.com...
>> Is it possible to create a local user on a Windows 2000 Server domain
>> controller? If so how or where. Thanks
>
>
Related ressources:
- ForumLogon local to W2k workstation using domain account
- Forum2nd DC not authenticating users?
- ForumHelp to Find out Which W2K DC the XP client authenticate
- ForumW2K Advanced Server user rights assignment
- Forum2003 TS and W2K DC - Help!
- ForumEventid 5722 su w2k
- ForumWhy doesnt this w2k client register in DNS?
- ForumMapping users to specific drives on a W2K server
- ForumExternal Trusts between W2K DCs in Different Forests CONTI..
- ForumEventid 5722 su w2k
- ForumBuilding DAW for Music Creation /Production
- ForumCan you reset a client connecting to a remote Site DC back..
- ForumDC 's in small companies
- ForumDC GPO - password policy not enforced
- ForumParallel and com ports not appearing in device manager
- More resources
!
