Hello everyone,
In Active Directoy I have the "Domain Admins" security group and a new security group "Alternate Domain Admins". You ask why...?
There are some people who cannot perform their job if not a "Domain Admin". However, these individuals should NOT have access to dsa.msc (ADUC)/and many other places... Anyway,...
I placed thes people in the Alternate group and did an explicit DENY for them on every container inside of AD so that they could not manipulate and AD objects, folders, etc.
Problem: They can't log into a Terminal Server / Session...? Can anyone help me here? What attribut do I need to Un-Check so that they can log into a Terminal session?
Thanks!
Brandon
In Active Directoy I have the "Domain Admins" security group and a new security group "Alternate Domain Admins". You ask why...?
There are some people who cannot perform their job if not a "Domain Admin". However, these individuals should NOT have access to dsa.msc (ADUC)/and many other places... Anyway,...
I placed thes people in the Alternate group and did an explicit DENY for them on every container inside of AD so that they could not manipulate and AD objects, folders, etc.
Problem: They can't log into a Terminal Server / Session...? Can anyone help me here? What attribut do I need to Un-Check so that they can log into a Terminal session?
Thanks!
Brandon
