Restricted Groups Remote Desktop Users group (empty be default)
OU based security allowing full control at the _OU_ level only. Exchange Administration privileges separate from AD privileges (this will be the hairiest. There's a 100+ page document from MS with samples of all the changes you'll need if you want to get fine grained.) ________________________________ From: David Lum [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2008 2:36 PM To: NT System Admin Issues Subject: Step-by-step for removing domain admins & delegating I have some users I need to pull out of being Domain Administrators, but they still need to be able to create / administer AD and Exchange accounts, remote desktop to the PC's, blah blah blah. While I can always iteratively step through these, has anyone done the same king of thing and have a guideline I can look at before I run through everything step by step? Granted , all environments are different, but if I can get some of the basics covered... I need to come up with documentation and get approval before actually making the change. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
