Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: local admin on one machine = ??? on others?

  1. #11
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Suppose you have two groups, "Workstation admins" and "Server admins", neither of which is in "Domain admins", hence they don't have control over Active Directory; neither of them has admin rights on any domain controller, and neither of which has admin privileges on the other group's machines.

    If a workstation admin ever logs into a server, or vice versa, then that group can potentially gain the others' passwords. This is because, with local admin rights, you can take control of a machine remotely and use the other users' permission to do whatever your want.

    Slarty

  2. #12
    hey zooligan - you wouldn't happen to be in Atlanta would you?

  3. #13
    Banned
    Join Date
    Aug 2004
    Posts
    534
    another way... i'm not gonna go into details is to install a script/batch to run at startup which will automatically add an user into to domain admin group given that it is run while authorised person is logged in.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •