ROAMING LOGIN

Marie Price

When someone uses a roaming login to a computer from a
different location, does he automatically carry over his
administration security?

I have 2 separate networks; each has a different admin
account. Let's say x network allows y roaming user in:
does the y roaming user bring in his admin security? I.e.,
can he create directories and install software?

Thanks
 
Marie said:
When someone uses a roaming login to a computer from a
different location, does he automatically carry over his
administration security?

I have 2 separate networks; each has a different admin
account. Let's say x network allows y roaming user in:
does the y roaming user bring in his admin security? I.e.,
can he create directories and install software?

Thanks

Local admin security is set on the workstation, which can also be controlled
via group policy.

But with regard to roaming, I'm not sure what you mean. Is this two domains?
Do the domains have trusts between them?
How are they connected?
 
What I have is 2 separate networks. They can talk via a
trust connection.

Domain wrps is the main domain.
Domain gps users are logging in with roaming profiles.

The problem I see is that some of these users have admin
privileges in their network. When they sign in, their
profile leaves behind a bunch of files in the Documents
and Settings on the PC they logged on to.

My question is: if they log in using roaming profiles, can
they use their administrative privileges to install
software on the PC they have just logged into?

Thanks
 
Marie said:
What I have is 2 separate networks. They can talk via a
trust connection.

Domain wrps is the main domain.
Domain gps users are logging in with roaming profiles.

The problem I see is that some of these users have admin
privileges in their network.

What domain groups are they members of?

Marie said:
When they sign in, their
profile leaves behind a bunch of files in the Documents
and Settings on the PC they logged on to.

My question is: if they log in using roaming profiles, can
they use their administrative privileges to install
software on the PC they have just logged into?

If they effectively get local admin rights, they can do pretty much whatever
they wish. The profile isn't really relevant.
 
My domain is wrps.

The user is from another network called gps. He has a roaming
profile (I have no idea what his gps privs are, but I
suspect he has admin privs).

He was not set up as administrator on wrps local PCs,
unless he was able to do it himself.

I just want to make sure that his gps admin role does not
allow him to install software on the wrps PC.

And I don't understand why the roaming profile created a
bunch of files on the wrps PC. After he logs off, the
files remain.

I.e. c:\documents and settings\gpsuser\.........

He is logging on all over the place, and leaving megs
worth of files.

Thanks
 
Marie said:
My domain is wrps.

The user is from another network called gps. He has a roaming
profile (I have no idea what his gps privs are, but I
suspect he has admin privs).

He was not set up as administrator on wrps local PCs,
unless he was able to do it himself.

Check the membership of the local admin groups. Domain admins are members by
default - who else is?

Marie said:
I just want to make sure that his gps admin role does not
allow him to install software on the wrps PC.

It will. If the local admins group contains the domain admins group (or
another group of which he is ultimately a member, via the trust), he has
local admin rights.

Marie said:
And I don't understand why the roaming profile created a
bunch of files on the wrps PC. After he logs off, the
files remain.
I.e. c:\documents and settings\gpsuser\.........

He is logging on all over the place, and leaving megs
worth of files.

Thanks

You'd see this even if he didn't have a roaming profile - and you probably
see similar folders for your "local" domain users' logins, as well. You can
disable the caching of domain profiles via group policy, but this will apply
to all users by default...AFAIK.
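
One way to run the check suggested above, as an added example (not code from the thread or its participants): list the local Administrators group through the ADSI WinNT provider and label each entry by where it comes from. `WRPS`, `GPS` and `gpsuser` are taken from the thread; `PC01`, the sample member list and the `Origin` labels are assumptions made for the example.

```powershell
# Added example, not from the thread. WRPS is the workstation's own domain as
# named in the thread; the Origin labels are this example's own invention.
param([string]$HomeDomain = 'WRPS', [switch]$Live)

function Get-MemberOrigin {
    param([string]$AdsPath, [string]$Class, [string]$Computer, [string]$HomeDomain)
    # WinNT ADsPath shapes: WinNT://DOMAIN/name, WinNT://DOMAIN/COMPUTER/name
    # (local account on a joined PC) and WinNT://S-1-5-... (SID not resolved).
    $parts = @(($AdsPath -replace '^WinNT://', '') -split '/')
    if ($parts.Count -eq 1) { $origin = 'UnresolvedSid' }
    elseif ($parts.Count -ge 3 -or $parts[0] -ieq $Computer) { $origin = 'LocalAccount' }
    elseif ('NT AUTHORITY', 'BUILTIN' -contains $parts[0]) { $origin = 'WellKnown' }
    elseif ($parts[0] -ieq $HomeDomain) { $origin = 'HomeDomain' }
    else { $origin = 'TrustedDomain' }
    # A domain group entry grants local admin to everyone nested inside it, so
    # it must be expanded in its own domain before the list is complete.
    New-Object PSObject -Property @{
        Name = $parts[-1]; Scope = $parts[0]; Class = $Class; Origin = $origin
        NeedsReview  = ('TrustedDomain', 'UnresolvedSid' -contains $origin)
        ExpandNested = ($Class -eq 'Group' -and $origin -ne 'WellKnown')
    }
}

if ($Live) {
    # Assumes the English group name "Administrators"; it is localized elsewhere.
    $computer = $env:COMPUTERNAME
    $group    = [ADSI]"WinNT://$computer/Administrators,group"
    $members  = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $t = $_.GetType()
        @{ Path  = $t.InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
           Class = $t.InvokeMember('Class',   'GetProperty', $null, $_, $null) }
    }
} else {
    # Constructed sample, shaped like what a WRPS workstation could return.
    $computer = 'PC01'
    $members  = @(
        @{ Path = 'WinNT://WRPS/PC01/Administrator'; Class = 'User'  },
        @{ Path = 'WinNT://WRPS/Domain Admins';      Class = 'Group' },
        @{ Path = 'WinNT://GPS/Domain Admins';       Class = 'Group' },
        @{ Path = 'WinNT://GPS/gpsuser';             Class = 'User'  }
    )
}
$members | ForEach-Object {
    Get-MemberOrigin -AdsPath $_.Path -Class $_.Class -Computer $computer -HomeDomain $HomeDomain
} | Format-Table Name, Scope, Class, Origin, NeedsReview, ExpandNested -AutoSize
```

Run it with `-Live` on the workstation to read its real group; without the switch it classifies only the constructed sample.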
 
thanks for the help!


 
