|
tech
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
stop local admin users running ACT DIR from mmc ?Hi,
Im setting up a 2003 member server and need to allow 3 user to use the machine from its desktop. These users will probably need local admin rights. Is there anyway i can prevent these users loading ACTIVE DIR from the mmc consol ? Thanks Scott I don't think you can access AD tools from a member server. In any case, if
this is only a member server (NOT A DOMAIN CONTROLLER) add the respective accounts to the "Local Administrator" group on the member server. Making them a local admin on a member server won't give them access to the AD data. -- Show quoteRichard G. Harper [MVP Shell/User] rghar***@gmail.com * PLEASE post all messages and replies in the newsgroups * for the benefit of all. Private mail is usually not replied to. * My website, such as it is ... http://rgharper.mvps.org/ * HELP us help YOU ... http://www.dts-l.org/goodpost.htm "scott" <nospamscott@yahoo.com> wrote in message news:e3oDOccFFHA.3272@TK2MSFTNGP10.phx.gbl... > Hi, > > Im setting up a 2003 member server and need to allow 3 user to use the > machine from its desktop. These users will probably need local admin > rights. > > Is there anyway i can prevent these users loading ACTIVE DIR from the mmc > consol ? > > Thanks > Scott > " In any case, if this is only a member server (NOT A DOMAIN CONTROLLER) add
the respective accounts to the "Local Administrator" group on the member server. Making them a local admin on a member server won't give them access to the AD data." see thats the problem, im sure you can load the "AD user + comp" snapin for MMC even if you are a local admin on a member server. thanks for any work arounds scott So you can load the snap-in ... can you do anything with it? I'll bet not.
-- Show quoteRichard G. Harper [MVP Shell/User] rghar***@gmail.com * PLEASE post all messages and replies in the newsgroups * for the benefit of all. Private mail is usually not replied to. * My website, such as it is ... http://rgharper.mvps.org/ * HELP us help YOU ... http://www.dts-l.org/goodpost.htm "scott" <nospamscott@yahoo.com> wrote in message news:e8t$$eMGFHA.4088@TK2MSFTNGP09.phx.gbl... > > " In any case, if this is only a member server (NOT A DOMAIN CONTROLLER) > add the respective accounts to the "Local Administrator" group on the > member server. Making them a local admin on a member server won't give > them access to the AD data." > > see thats the problem, im sure you can load the "AD user + comp" snapin > for MMC even if you are a local admin on a member server. > > thanks for any work arounds > scott > your right the users cant do anything with it (like change anything) but
they can see everything in AD such as machines that call log into etc... would prefer it if users could not see anything in ad u+c snapin. Then either rename or delete the snap-in.
-- Show quoteRichard G. Harper [MVP Shell/User] rghar***@gmail.com * PLEASE post all messages and replies in the newsgroups * for the benefit of all. Private mail is usually not replied to. * My website, such as it is ... http://rgharper.mvps.org/ * HELP us help YOU ... http://www.dts-l.org/goodpost.htm "scott" <nospamscott@yahoo.com> wrote in message news:%23Mddcm0GFHA.3912@TK2MSFTNGP10.phx.gbl... > your right the users cant do anything with it (like change anything) but > they can see everything in AD such as machines that call log into etc... > would prefer it if users could not see anything in ad u+c snapin. > |
|||||||||||||||||||||||
Other interesting topics