-
May 24th, 2005, 09:11 PM
#11
Suppose you have two groups, "Workstation admins" and "Server admins", neither of which is in "Domain admins", hence they don't have control over Active Directory; neither of them has admin rights on any domain controller, and neither of which has admin privileges on the other group's machines.
If a workstation admin ever logs into a server, or vice versa, then that group can potentially gain the others' passwords. This is because, with local admin rights, you can take control of a machine remotely and use the other users' permission to do whatever your want.
Slarty
-
May 25th, 2005, 02:31 PM
#12
Member
hey zooligan - you wouldn't happen to be in Atlanta would you?
-
May 27th, 2005, 05:28 PM
#13
another way... i'm not gonna go into details is to install a script/batch to run at startup which will automatically add an user into to domain admin group given that it is run while authorised person is logged in.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|