*>>**However, the business are adamant that every member of the support teams (from helpdesk upwards) will be given a Domain Admin account. Am I right in assuming this means that they could simply add themselves into the groups I am setting up, because even if I restrict these groups via an ACL, they could just take ownership of the group?*
You might need to enlist the assistance of... dare I say it? ... Auditors. If everyone is a domain admin, then they can all do whatsoever they want in the domain. Seriously, is your organization not subject to some you sort of regulatory compliance? Who is your CTO/CIO? *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * On Thu, Sep 30, 2010 at 7:49 AM, James Rankin <[email protected]> wrote: > However, the business are adamant that every member of the support teams > (from helpdesk upwards) will be given a Domain Admin account. Am I right in > assuming this means that they could simply add themselves into the groups I > am setting up, because even if I restrict these groups via an ACL, they > could just take ownership of the group? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
