Thank you for pointing this out but I understand the security issues. I am not making the call on this I have simply been asked to research the functionality of a terminal server promoted to a domain controller.
Michael Hauck Network Administrator HiRel Systems 603-842-8808 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 05, 2005 12:03 PM To: [email protected] Subject: RE: [ActiveDir] Terminal Server to DC > I will need to give each user the ability to log on locally. > That is fine. Huh? Is this a standalone domain controller, i.e. not in a part of a forest or other domain? If not, this truly isn't fine unless you don't have any concerns about security and when I say no concerns about security I mean you don't care if you have it or not. You would be putting users into a position where they could make your life very painful. Domain Controllers should have no one but domain admins logging into them interactively. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Hauck Sent: Tuesday, April 05, 2005 11:52 AM To: [email protected] Subject: [ActiveDir] Terminal Server to DC Hello all. We have a terminal server in a remote location that has been used by a handful of people. We now have a need to promote this Win2K server to a DC. The issue is, this server needs to remain a TS as well. These few users are setup in the Power User group on the local machine and access a single program that is installed on this server as well as a couple of printers that have been setup for each profile. I understand once this server is promoted all local accounts will go away and that I will need to give each user the ability to log on locally. That is fine. My question is, does the upgrade affect the user's profiles currently installed on that server? Once I have gone through the process of promoting this server (and giving them Log on Locally rights) will they be able to access the server like nothing has changed or will I be setting each user up from scratch? Michael Hauck Network Administrator HiRel Systems 603-842-8808 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
