delegate permissions to logon dc-servers

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

In the Active directory I can prevent a user to logon on every workstation. I
can make him logon only on the workstations I select. How can I do the same
thing with a user that should only logon to one domain controller with a
specific admin-account?
 
You really can't. The domain controllers of a domain share the same security
settings.

Anyway, for security reasons, the only people who should be able to write to the
filesystem, modify services, or log on interactively to DCs should be domain
admins and they should also all be enterprise admins. Escalation from
interactive access to full enterprise admin rights can be accomplished by
someone who knows what they are doing.

joe
 
Back
Top