Securing DNS MMC

Tim Hemmerling

We are in the process of replacing our ancient Bind
servers with Win2K DNS servers. We do not plan on using
the AD integrated DNS as our DNS administrator is a Unix
person and needs to have the ability to manually maintain
records.

What we would like to do is lock the DNS MMC console so
that other admins within the network cannot get into the
console. Is there any mechanism, short of putting the DNS
servers in a standalone workgroup, to lock the console?

Thanks,
Tim Hemmerling, MCP
 
Herb Martin

> What we would like to do is lock the DNS MMC console so
> that other admins within the network cannot get into the
> console. Is there any mechanism, short of putting the DNS
> servers in a standalone workgroup, to lock the console?

Don't make admins that are not really admins. Make them
users with SOME admin privileges.

You can try making a group (of them) and denying access
but you will have to work at it that way.

(An admin can always find SOME way to get around
permissions and rights but the default is a DENY overrides
a GRANT even for admins so it might at least remind them
that they are not allowed and make a business rule that says
"If you do this, you can look for a new job.")
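
The "DENY overrides a GRANT" behaviour mentioned in the reply above, as an added example that is not part of the original thread: a simplified Python model of how an ordered ACL is evaluated. The group names, account names and permission bits are constructed for illustration and are not real Windows access masks.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # constructed bits, not real Windows access masks

@dataclass(frozen=True)
class Ace:
    kind: str     # "deny" or "allow"
    trustee: str  # user or group name
    mask: int

def canonical(dacl):
    """Put deny ACEs ahead of allow ACEs, keeping relative order otherwise."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")

def access_check(token, dacl, desired):
    """Walk ACEs in order: a matching deny on a still-needed bit fails the
    request; matching allows clear bits until nothing is left to grant."""
    remaining = desired
    for ace in dacl:
        if remaining == 0:
            break
        if ace.trustee not in token:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False
        else:
            remaining &= ~ace.mask
    return remaining == 0

# Constructed ACL for the DNS data; group names are hypothetical.
RAW_DACL = [
    Ace("allow", "Administrators", READ | WRITE),
    Ace("allow", "DNS-Operators", READ | WRITE),
    Ace("deny", "No-DNS-Admins", READ | WRITE),
]
DACL = canonical(RAW_DACL)

DNS_ADMIN = {"unix_dns_admin", "DNS-Operators"}
OTHER_ADMIN = {"site_admin", "Administrators", "No-DNS-Admins"}

if __name__ == "__main__":
    print("DNS admin, read/write:", access_check(DNS_ADMIN, DACL, READ | WRITE))
    print("other admin, read:    ", access_check(OTHER_ADMIN, DACL, READ))
    print("other admin, unsorted:", access_check(OTHER_ADMIN, RAW_DACL, READ))
```

The third call returns a grant because the allow entry is reached before the deny entry; the deny wins only when deny entries are ordered first, so the ordering of a hand-built ACL is worth checking.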
 
