Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13
  1. #11
    Senior Member
    Join Date
    Jan 2002
    Suppose you have two groups, "Workstation admins" and "Server admins", neither of which is in "Domain admins", hence they don't have control over Active Directory; neither of them has admin rights on any domain controller, and neither of which has admin privileges on the other group's machines.

    If a workstation admin ever logs into a server, or vice versa, then that group can potentially gain the others' passwords. This is because, with local admin rights, you can take control of a machine remotely and use the other users' permission to do whatever your want.


  2. #12
    Join Date
    Feb 2005
    hey zooligan - you wouldn't happen to be in Atlanta would you?

  3. #13
    Join Date
    Aug 2004
    another way... i'm not gonna go into details is to install a script/batch to run at startup which will automatically add an user into to domain admin group given that it is run while authorised person is logged in.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.