Impacts on disabling domain\administrator

Guest

Can you run a domain with no central administrator account? After thinking about what SaltPeter suggested to me, it would be good if the account was just disabled, and only unique accounts were used for server software (for services, etc.), and each domain admin had their own account. Admittedly, it creates more accounts, but then I can create security policies and login blocks for these ...
 
ZFetsh said:
Can you run a domain with no central administrator account? After
thinking about what SaltPeter suggested to me, it would be good if the account
was just disabled, and only unique accounts were used for server software
(for services, etc.), and each domain admin had their own account.
Admittedly, it creates more accounts, but then I can create security
policies and login blocks for these ...

Please don't put words in my mouth, I never said that disabling the domain
admin was an option or solution. Rather, I specified that it's best not to
distribute access to that account to all users who need to manage a subset
of your network.

Since a W2K OU is the logical equivalent of an NT4 domain, it just doesn't
make sense to provide a user with domain-wide rights and permissions in
order to manage a W2K OU. Add that to the fact that OUs can be governed by
their own GPOs, can hold groups, users, printers, folder shares, not to
mention the delegation wizard, and you'll realize that the OU, not the
domain, should provide the security boundaries in your namespace.
 
I disabled the administrator account with no consequences, but I first created an account with administrative rights, but I don't know if it would have consequences in the future; so far everything is OK.
 
mosquito_hippy said:
I disabled the administrator account with no consequences, but I first
created an account with administrative rights, but I don't know if it would have
consequences in the future; so far everything is OK.

You and I are not on the same wavelength. I wasn't referring to a local admin
account (I thought I had made that abundantly clear). I'm referring to users
given membership to the domain administrators. A built-in account that can't
be deleted. You are describing a local account that may, or may not be, a
member of the domain's administrators.
 
