|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to make sub Domain Admin wit h some restrictionI have windows 2003 domain, i want to make on sub domain admin account with some restriction like, - this user can not take ownership the files or folders on which he don't have rights, - and this user can not change Administrators user properties. by adding this user in Domain Admins group it will become sub admin. but how can i restrict this user for these two conditions? is anybody help me out...? thanks in advance -- Thanks and Regards, Dipak Patel Network Administrator APIMA > - this user can not take ownership the files or folders on which he don't You can't. If you were to devise a way to do this they as administrator can > have rights, > - and this user can not change Administrators user properties. undo it. If you can't trust the administrator they don't need to be an administrator. hth DDS W 2k MVP MCSE Show quoteHide quote "Dipak" <Di***@discussions.microsoft.com> wrote in message news:1F163AF2-AB51-4D0B-BD2E-DC7B30CFCA8E@microsoft.com... > Hi all, > > I have windows 2003 domain, i want to make on sub domain admin account > with > some restriction like, > - this user can not take ownership the files or folders on which he don't > have rights, > - and this user can not change Administrators user properties. > > by adding this user in Domain Admins group it will become sub admin. but > how > can i restrict this user for these two conditions? > is anybody help me out...? > thanks in advance > > -- > Thanks and Regards, > > Dipak Patel > Network Administrator > APIMA Thanks for your quick reply Danny
I fully agree with you Danny, fine now is there way that we can we assign some admin rights to the normal user, like he can do stop/start services, install softwares, make users groups OU and make Group policy, etc. but he don't have rights to take ownership and deny rights to change Administrators properties. if anybody can help me ...heartily appreciated -- Show quoteHide quoteThanks and Regards, Dipak Patel Network Administrator APIMA "Danny Sanders" wrote: > > - this user can not take ownership the files or folders on which he don't > > have rights, > > - and this user can not change Administrators user properties. > > You can't. If you were to devise a way to do this they as administrator can > undo it. > If you can't trust the administrator they don't need to be an administrator. > > hth > DDS W 2k MVP MCSE > > "Dipak" <Di***@discussions.microsoft.com> wrote in message > news:1F163AF2-AB51-4D0B-BD2E-DC7B30CFCA8E@microsoft.com... > > Hi all, > > > > I have windows 2003 domain, i want to make on sub domain admin account > > with > > some restriction like, > > - this user can not take ownership the files or folders on which he don't > > have rights, > > - and this user can not change Administrators user properties. > > > > by adding this user in Domain Admins group it will become sub admin. but > > how > > can i restrict this user for these two conditions? > > is anybody help me out...? > > thanks in advance > > > > -- > > Thanks and Regards, > > > > Dipak Patel > > Network Administrator > > APIMA > > > Dipak,
You can not make a Domain Admin "limited". If I were you I would look into two things: 1) Delegation of Control 2) hiring trustworthy people! -- Show quoteHide quoteCary W. Shultz Roanoke, VA 24012 "Dipak" <Di***@discussions.microsoft.com> wrote in message news:1F163AF2-AB51-4D0B-BD2E-DC7B30CFCA8E@microsoft.com... > Hi all, > > I have windows 2003 domain, i want to make on sub domain admin account > with > some restriction like, > - this user can not take ownership the files or folders on which he don't > have rights, > - and this user can not change Administrators user properties. > > by adding this user in Domain Admins group it will become sub admin. but > how > can i restrict this user for these two conditions? > is anybody help me out...? > thanks in advance > > -- > Thanks and Regards, > > Dipak Patel > Network Administrator > APIMA 
Other interesting topics
ADAM - Domain Service Account V.S. Network Service
User Login Time on windows 2000 profesional on Domain AD Disaster Recovery mapped drives at logon ADAM multivalue limit Number of users per container (OU) in ADAM / AD Fresh Install of ADAM SP1 - Can't install without doing an upgrade Problems locating PDC on win2k3 server Push domain account into Local computer user group? Clients get automatically locked |
|||||||||||||||||||||||
