stop local server admins loading MMC + AD plugins ?

S

scott

Hi,

I setup a SQL server 2000 on a 2k member server on a 2k AD domain. I need
developers to have "local" admin rights when they login but dont want them
to be able to load the MMC console and add AD User + Computer plugin.

Is this possible ?

Thanks
Scott
stop local server admins loading MMC + AD plugins ?
 
S

Steven L Umbach

Local administrators are a very powerful group and you can hide things from them but
a malicious user will be able to find ways around most restrictions. Having said that
you can use Group Policy to restrict mmc snapins to "domain users". Note that domain
user configuration will NOT apply to local user logons. You can also configure Local
Security Policy via gpedit.msc but it will apply to all local users and a local
administrator could possibly reverse the changes. Anyhow the settings you want are
under user configuration/administrative templates/Windows Components/Microsoft
management console. You could create an Organizational Unit for those uers. Then
create a new GPO for the OU with your restrictions in place and then add those users
to the OU. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

stop local admin users running ACT DIR from mmc ? 6
block access to mmc on member server ? 1
MMC Console on Win2k Server instantly closes 1
2003 terminal server licences on 2000 AD domain which hosts 2000 licence server ? 1
Setting up local machine admins from GPO 3
How to limit software installation to Admins only? 6
proposed changes to UAC mechanism, RunAs, and documentation 3
Windows Server 2008 w/Exchange 2007 Authentication on Active Direc 1

Top