Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Administrators vs. Domain Admins 1

Status
Not open for further replies.
hillboy

hillboy

Technical User
May 13, 2002
53
What exactly can a member in the Administrators group do that a Domain Admins member cannot?

I know that the Administrators group is a local group whereas the Domain Admins is global but how does this affect anything?

Thanks in advance for any help.
 
Sort by date Sort by votes
The way it affects things is in how you effectivly administrate your access to the box. you could add single ids into the administrator group but the most effective way in a scenario where you have lots of members in a domain is to go users into a global group. (IE Dom admins) global into loca (local admin) and then plug it into rescouse. For this scenario imagine lots of servers... (20-100) a new chap starts who wants to be an admin on all... You would have to add them to all the local admin groups... The power of Dom admins is it is a global group so you can add users to this at a later stage and this group is already defined on the local servers in the local administrator group so administration becomes less of a burden. Hope this helps..

What exactly can a member in the Administrators group do that a Domain Admins member cannot?

I know that the Administrators group is a local group whereas the Domain Admins is global but how does this affect anything?

Thanks in advance for any help.
 
Upvote 0 Downvote
If a workstation is a member of a domain then the Global Domain Admins group is automatically made a member of the local administrator's group. Thus, if a user logs into a workstation that is a member of a domain and that user is a member of the Domain Admins group, then that user has full administrative rights to the local workstation. The local Administrators group on each workstation has no rights on the domain. Just on the local workstation. Hope this helps.
 
Upvote 0 Downvote
one more to add to what AMCSE said, even if you lose the local administrative password on a system in a domain, you can have administrative rights to the system with the domain admin account and also you can change the local administrative password with the capabilities of the domain admin account.

Just go to User Accounts and change it. hope this clears everyting.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
354
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
134
ADB100
ADB100
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
324
fredmartinmaine
fredmartinmaine
froggy8
  • Locked
  • Question
cant add my windows 7 pc to my domain 1
Replies
3
Views
121
hairlessupportmonkey
hairlessupportmonkey
tviman
  • Locked
  • Question
Remote Apps vs Remote Desktop Connection
Replies
0
Views
66
tviman
tviman

Part and Inventory Search

Sponsor

Back
Top