Announcement

Collapse
No announcement yet.

reset admin password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • reset admin password

    I was wandering thru the site about it, but something I havent read is include as policy on domain an user with admin rights aslocal user thru the policis

    is this correct?

  • #2
    Please try to write in English, we cannot understand your language. Thanks.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

    Comment


    • #3
      Daniel, thank you for your kindly words.

      Although, the question remains, (oops thats the currect tense of the verbe?)

      Is possible through the domain policy to include a local admin user on a machine?

      Thanks

      Comment


      • #4
        I believe you can control membership of local groups through a GPO but I do not know whether or not that automatically adds members or just removes non-authorised members when the GP is applied


        Tom
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Awfully just do it, removes but not include, and it makes me wonder, because the logical path is to have full rights over the domain, I'll kepp trying
          Thnaks TOM

          Comment


          • #6
            Yes, you can add domain users to local groups such as the local administrators.
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT

            Comment


            • #7
              Daniel, yes, you could do that, after you logged as administrator, I do not why, but in the middle of the issue the server was with his administrator (renamed) blocked....

              but, we recovered another user/password buried somewhere , as always happen......

              After that, yes, you could include, but on the server looking to the domain, not the from the domain, if it were possible, there is no need for any mess, you only need to include on the domain as local policy for the equipment and that is enough, and I tried it,both sides, maybe i made something wrong, but I do not think so

              But, I appreciate the help and the guidance from your site, my main area of expertise is communications, not servers, but i'll keep reading and if i could help somebody with something i'll be glad,

              cheers and thanks

              Comment


              • #8
                What OS and what SP are you talking about? W2K with SP1 or no SP at all had some problems with the restricted groups feature is GPO.
                Cheers,

                Daniel Petri
                Microsoft Most Valuable Professional - Active Directory Directory Services
                MCSA/E, MCTS, MCITP, MCT

                Comment


                • #9
                  Daniel, W2K and SP4 patched updated. Really, if it were possible, you could override local security with domain security, this makes sense to me, but i tested it and doesnt work, maybe I made something wrong, dont know.
                  Nevertheless, as soon I have time I make a workbench test with the following configuration

                  server logged with an user without rights, as member server of a domain
                  in the AD domain server a policy to include users on the member servers, and this users are domain admin users, so , if everything propagates downside, they must be local admin of the member server? this is the end question, if the answer is yes, I made something wrong somewhere, if not, something could not be done, dont know again

                  the only way that i included through GPO domain admins to the local admins groups was ake out of domain the server and afer that getting into to the domain, but, to do it you need the local admin, and i made it after I recovered the user/password

                  but, as always, put the user admin on the vault, and repeat this as a mantra 100 times

                  again, thanks for your time and help, to you maintaing this site and the people who reads this, and unfortunately, my native tongue is not french, it it were so, surely I'll be gad to help translating the site.

                  Cheers

                  Comment

                  Working...
                  X