They replace.
Reÿé From: Eisenberg, Wayne [mailto:[email protected]] Sent: Tuesday, March 24, 2009 2:24 PM To: NT System Admin Issues Subject: RE: How many domain admins do you have? So Restricted Groups add to the local group, not replace the entire contents of the local group? ________________________________ From: James Rankin [mailto:[email protected]] Sent: Tuesday, March 24, 2009 4:40 AM To: NT System Admin Issues Subject: Re: How many domain admins do you have? Group your servers into GPOs such as Citrix Servers, Exchange Servers, etc. , create a group called Citrix Server Admins or whatever, and use Restricted Groups to add that group to local Administrators for the servers in that OU. Users are then added to the relevant server admin group and inherit admin rights to the group of servers. 2009/3/23 Eisenberg, Wayne <[email protected]> I'm curious - how do you do that with GPOs? Wayne ________________________________ From: James Rankin [mailto:[email protected]] Sent: Monday, March 23, 2009 11:57 AM To: NT System Admin Issues Subject: Re: How many domain admins do you have? Only those who require Domain Administrator rights get them (those who work extensively on AD). Everyone else has their server admin rights limited via GPO to subsets of machines. We have custom groups for Exchange Server Admins, Citrix Admins, VirtualCenter admins, SQL admins, WebSense admins - on and on it goes. Even the high-level guys have an ordinary account for normal work and an elevated admin account to be used when needed. I would guess that most Domain Admin access in our AD is held by service accounts, rather sadly, although these accounts can not log on interactively, so their use is limited that way. 2009/3/23 David Lum <[email protected]> General poll: How many Systems Engineers do you guys have and how many of them are domain administrators? If you don't want to divulge specifics then percentages would work. For us we're at about 13 DA's / 13 SE's, although I think we should be closer to say, 4/13. Comments? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail delete this e-mail and refrain from any disclosure or action based on the information. *** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
