Alex, you appear to be asking two different questions: Q1) "If someone is a local admin of a machine, is there a way to restrict their ability to access the c$ share of the machine?"
A1) No. If a user's domain account is set up as a local admin on a machine there is no way to restrict him, as an admin, from accessing the admin$ shares of his own machine... Q2) "Is there any way to make it so that they cannot UNC to the C$ of their coworkers' computers, but we can sitll get in as Domain Admins?" A2) If the users not set up as admins on their coworkers' computer, then they don't have privileges to the admin shares on the coworkers' computer either. As Domain Admins, as long as the DA's have admin privileges on all the machine, you can still get to the admin$ shares on all the machines..... If I've misunderstood, please explain in further detail. Joe Pochedley If you have time to do it twice, you had time to do it right in the first place. -----Original Message----- From: Alexander Kha Do [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2003 2:10 PM To: NT 2000 Discussions Subject: RE: Remote Admin shares But when you're in the GUI it tells you that you can't change the permissions on Admin or volume shares. Do you have some other way of doing it? -----Original Message----- From: Ed Esgro [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2003 11:03 AM To: NT 2000 Discussions Subject: RE: Remote Admin shares Sure just set permissions to the share only to domain admins. Ed Esgro Sr. Systems Admin Stainsafe Inc. 354 Hiatt Dr. Palm Beach Gardens, FL 33418 561.622.4260 Ext 134 -----Original Message----- From: Alexander Kha Do [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2003 2:01 PM To: NT 2000 Discussions Subject: Remote Admin shares If someone is a local admin of a machine, is there a way to restrict their ability to access the c$ share of the machine? Our situation is such that we have a "staff" group which has local admin rights to the standard workstations. Is there any way to make it so that they cannot UNC to the C$ of their coworkers' computers, but we can sitll get in as Domain Admins? ~Alex ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
