General discussion

Locked

User and Administar Have Same Rights

By salmanniaz ·
Hi,
I have windows 2003 server as domain, and windows xp professional as client windows.

I got two accounts one is "Adminisrator" and other is "salman" in active directory.

When ever i log on from my client window, using any one of the account(either admin or user). both get the same rights. and accesibility to c: of the local computer.
similarly both have the same install and uninstall options..... how i can conrtrol that?

i created my user account by copying a buitin user account.so i think i have to implement a security resrtiction. Please tell me how i can Create or manage it..?
ok..plzz help me out
Thanks

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to User and Administar Have ...

don't make the local machine administrators account associated with the domain users account. If you copy the local user account with happens to be the local machine administrators account and use that for the domain user, you've granted local machine admin privileges to the domain user.

Delete the accounts in question and recreate them using Active Directory users and computers using the domain users account.

Collapse -

by CG IT In reply to

I think what your question is how to protect the administrative share c$ which is accesible by \\<server>\C$

the C$ share is for administrative purposes and is hidden from users. only those users with administrative rights can access this share.

In a windows Active directory environment, there are different security groups of which there is the domain admins security group and domain users security group. How you initially setup user accounts and what security group you place them in determines their basic rights. You can further limit or expand user permissions to access shared resources with NTFS.

Many small companies place the local machine administrative account with the domain users account to allow users control over their machine. When this is done, users can install programs onto their machine without granting power user rights or admin right or having to use the run as to install programs. Associating the local machine admin account with a domain users account does not grant the user admin rights in the domain. Only rights to the local machine which can be trumped with group policy should the need arise.

Collapse -

what does it mean...

by marko In reply to

Please tell me, what do you exactly mean by "Associating the local machine admin account with a domain users account" ...

Collapse -

by salmanniaz In reply to User and Administar Have ...

Hi, Thanks Very Much.
But Tell me, is there any policy? in Server Side(windows 2003 server) so that, if i login from a user login first time it should automatically aquire the User Settings.

One Thing is confusing me in Active Directory
That an Adminsratory Accout Type is User.
And at the Same time Why a user("like salman") have the same account type user..????

An other thing comes into my mind is that, both user and Administrator have samy Account Type that is user, But Administrator is only the Membor of Domain Admins.

similarly can u tell me, my Domain is Global, but not local..

is it makes any difference.?

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums