delegate permissions to logon dc-servers

Guest

In Active Directory I can prevent a user from logging on to every workstation. I
can make him log on only to the workstations I select. How can I do the same
thing with a user that should only log on to one domain controller with a
specific admin account?
 
Joe Richards [MVP]

You really can't. The domain controllers of a domain share the same security
settings.

Anyway, for security reasons, the only people who should be able to write to the
filesystem, modify services, or log on interactively to DCs should be domain
admins and they should also all be enterprise admins. Escalation from
interactive access to full enterprise admin rights can be accomplished by
someone who knows what they are doing.

joe
 
