Thanks all for your replies. Joe: I got you loud and clear
and agree.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, September 22, 2005 10:10 AM
To: [email protected]
Subject: RE: [ActiveDir] Domain Controller Security
Look through the archives.
The short answer is... "Just don't do it". You can't
possibly secure this regardless of what anyone says. If someone says it can be
made safe, stop asking them technical questions about Domain Controllers and
Active Directory.
Either you trust the person or you don't. If you don't
trust the person, then don't put the person in a position to show you the
meaning of screwed.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of van Donk, Fred
Sent: Tuesday, September 20, 2005 4:52 PM
To: [email protected]
Subject: [ActiveDir] Domain Controller Security
Sent: Tuesday, September 20, 2005 4:52 PM
To: [email protected]
Subject: [ActiveDir] Domain Controller Security
I have a contractor
in a remote site. There is only 1 server in that site which is a
DC.
He needs to
administer that server.
-Create
shares
-Make file/share
permissions
-Change user
passwords in the User OU for that site.
He is not allowed to
log on to any other server is the domain.
When I make him a
"Server Operator" he can logon to any server in the domain.
Any idea on how to
lock him down to that one server and then how to lock him down on that one OU
where he should only be allowed to change the passwords of the
users.
Thanks!
Fred
