Permission to install hardware on Domain Controller

Status
Not open for further replies.

nate2345

IS-IT--Management
Aug 9, 2004
84
US
Guys,

Which group besides the Domain admin group will allow me to install/uninstall devices and software on a domain controller?

Nate
 
You need to be Domain Admin to install the software, but any monkey with a screwdriver and physical access can install the hardware.

If the hardware is plug & play compatible and is known to the OS it may install itself without prompting for software. If drivers or software are required then you will need the Admin privileges.

I hope you find this post helpful.

Regards,

Mark
 
Thanks for the reply. My problem is, wouldn't it make sense to be able to delegate the above privileges without access to AD for maintenance of the server and to protect the AD? Wouldn't Microsoft have thought about this by now? Now I need to do all the maintenance myself because I don't want to give anyone else the ability to modify the AD. Am I right?

Thanks,
Nate
 
You are correct. You need to do it yourself. On non DCs you can make someone a member of Server Operators, but not for a DC.

I hope you find this post helpful.

Regards,

Mark
 
Is there any relatively cheap software that can monitor what changes were done by any domain admin user to Active Directory? Or is there a way to set up the security logs to accomplish the same thing with detailed info about who made a change? In this way I can give other people admin rights but monitor what is done.
 
This is a training and change management issue and not a technical one. You should investigate ITIL and MOF training.

Set up processes and train your users to follow them.

You want a cheap solution, use Notepad! I used to keep a log in Notepad where I would enter everything I did on a server. Using the F5 key in Notepad will insert the current date and time, which makes it really easy to track activity.

Bottom line is that if you can't trust someone to do the right thing then DON'T trust them on your servers.


I hope you find this post helpful.

Regards,

Mark
 
Mark,

Thanks for the replies. This feature is something my manager wants before giving anyone else full access to the Domain Controller, even though they won't be messing with Active Directory, just doing DC maintenance.

I want to pick up a Windows scripting language. Which do you suggest starting with? And are there any good resources from where to begin learning, preferably on the web?

Thanks again,
Nate
 
I make extensive use of VBScript. A great place to start is microsoft.com/scripting. From there you can download the VBScript manual, sample scripts, tons of stuff. I am also fond of the site They have a good VBScript online reference.


I hope you find this post helpful.

Regards,

Mark
 