Set the resolution to 4096x6720, and... ahh, there it is.
NOW the whole ego fits on the screen.
:Q
-gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, July 11, 2006 4:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group Almost always????
;o)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe Sent: Friday, July 07, 2006 9:41 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group I see the flaws in my
original statement, and should have worded it differently.
My interpretation of "Network
Service" functionality is different from joe's. But joe is smarter than
me, has some cool tools that give him much more authoritative information
on these kind of things, and he is almost always correct. So, please listen to
him.
If I have the time, I may come back and try
to explain my interpretation. Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: joe Sent: Thu 7/6/2006 11:17 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group A service running on ServerA as localsystem or
networkservice will touch remote machines including ServerB with the security
context of DOMAIN\ServerA, not networkservice.
A service running on ServerA in localservice should touch
remote machines as anonymous.
At no point will configuring permission on ServerB to
networkservice give any rights to ServerA, only processes running on the local
machine (ServerB)) as networkservice.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe Sent: Thursday, July 06, 2006 12:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group I see...
If the service runs as LocalSystem, then it
already has the highest privilege possible on that system. In this case, the
vendor (or the vendor's support rep) may be asking for this simply for the
"interact" portion of your statement. Without knowing what the app does, it's
hard to tell. But, I'd ask the vendor's rep specifically what level of access is
needed to perform whatever the app is supposed to perform on the "other
machine".
Because, you see, if the app runs in the
context of LocalSystem on ServerA and needs to do something on ServerB, the
Network Service credentials will be used. If whatever is running on ServerB
allows "Network Service" account to do the job, then there is no additional
config or privilege to add on ServerA. Ask the vendor if "Network Service" has
the ability to successfully "interact" with the other machine in question, or if
the access can be configured to accommodate the "Network Service"
account.
Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] Sent: Thu 7/6/2006 8:08 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: Computer Account in Local Administrators Group I’m definitely not
wanting to do this – but a vendor was saying to do it to allow one of their
services to run as Local System and be able to interact with another
machine. I am very skeptical,
and not allowing it. Thanks, James Fr More directly - WHY
are you looking to do this? What problem are you trying to
solve?
Fr Ultimately, anyone with physical access to the remote PC will have Admin rights over the PC in which you add the account to the admins group for.
Directly, anyone who can run anything as localsystem or networkservice will have those rights.
-- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
-----Original Message----- Fr [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, July 05, 2006 12:05 PM To: Subject: [ActiveDir] OT: C
What is the net effect of placing a remote c (\\d
Thanks,
James
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx |
- RE: [ActiveDir] OT: Compute... joe
- RE: [ActiveDir] OT: Co... Gil Kirkpatrick
- Re: [ActiveDir] OT: Co... Steven Comeau
- Re: [ActiveDir] OT: Co... Steven Comeau
- Re: [ActiveDir] OT... Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: [ActiveDir] OT: Co... Steven Comeau
- Re: [ActiveDir] OT: Co... Steven Comeau