RE: [ActiveDir] Restrict Administrative Privileges

[Rich Milburn]

Title: Restrict Administrative Privileges

Agreed, you have a user you can’t trust who has rights (Domain Admin) that say he is fully trusted.  There lurks irony…   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory Sent: Monday, February 16, 2004 11:39 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restrict Administrative Privileges   Less headache solution: Tell the user not to do that and can his ass if he does.   I await eagerly the reply of the technical solution.   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart, Cory G. Posted At: Monday, February 16, 2004 11:26 AM Posted To: ~AD Discussion~ Conversation: Restrict Administrative Privileges Subject: [ActiveDir] Restrict Administrative Privileges   Hi All,         Is there a way to deny password changing abilities to a Domain Administrator for only a limited set of accounts?  These accounts reside in their own OU, which because of the permissions set, that Domain Admin cannot even see it when in ADUC.  I thought that my problem was solved.  I just found out that this Domain Admin can still use DSMOD to change passwords of users within that OU.  Any help is appreciated! Thanks!! Cory ----------------------------------- Cory G. Stuart Network Administrator Nuclear Engineering Division Argonne National Laboratory ----------------------------------- -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.