Without having more detail, I would say that you could use a combination of
user permissions and user-level group policy. It's hard to say more than
that without knowing exactly what it is that you want to restrict them from
doing. As a rule, you should look to grant permissions/policies that give
them the bare minimum they need to perform their job functions.
Devin
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of wjbox1-guard (at) yahoo (dot) com [email concealed]
Sent: Thursday, August 30, 2007 2:19 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Active Directory
What is the easiest way to lock an lower level administrator from using the
PC via Active Directory?
When disabling a computer what else can be done with out having to block the
IP address or MAC to make sure the PC does not get on the network and or
changed the computer name?
user permissions and user-level group policy. It's hard to say more than
that without knowing exactly what it is that you want to restrict them from
doing. As a rule, you should look to grant permissions/policies that give
them the bare minimum they need to perform their job functions.
Devin
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of wjbox1-guard (at) yahoo (dot) com [email concealed]
Sent: Thursday, August 30, 2007 2:19 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Active Directory
What is the easiest way to lock an lower level administrator from using the
PC via Active Directory?
When disabling a computer what else can be done with out having to block the
IP address or MAC to make sure the PC does not get on the network and or
changed the computer name?
[ reply ]