No announcement yet.

Ad and exchange security

  • Filter
  • Time
  • Show
Clear All
new posts

  • Ad and exchange security

    How can I set a security or a policy in Windows 2000 advanced server and Windows 2003 SBS, such that when somebody logs into the server with the administrative account they cannot see Active Directory Users and Computers option and they cannot see the Exhange system manager option.
    There should be some way such to create a sub profile within the administrative profile that can make the above options visible or some sort of password protection to view these options. I couldn't figure it out myself. So I need help from u guys!

    I am asking this because in my network, there r couple of third party softwares that need to be updated every two weeks manually. One of the employes in the office can log on to the server with administrative account and can do the updates. But I don't want him to see the AD option or exchange option. Moreover I hope u got my point.
    I know that it is better to create another account as Power User for one of the employes to update the third party software, but it doesn't work with all the third party software update.
    So all in all, if someone can sort out a solution or guide me in the kind of solution that I am looking for as mentioned in the start of the post, it will be really greatfull.

    Anxiously waiting for replies..

    Thanks in anticipation,
    Ability to perform, From Dusk till Dawn.
    Experience is what u get, when u expect something else..

  • #2
    Re: Ad and exchange security

    Clarification please:

    By the "administrative account" do you mean
    The account called "Administrator" or
    Another account with administrative permissions?

    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      More on Ad and exchange security

      By the term administrative account, I mean account with administrator priviliges or in other words, it is Built-in account for administering the computer/domain .
      It is the account that is used to log as an administrator in server.

      There is No renaming and there is no second account with administrator priviliges.
      and there is no decoy Administrator account.

      I hope I answered your question/querey..

      Thanx for reply..

      Ability to perform, From Dusk till Dawn.
      Experience is what u get, when u expect something else..


      • #4
        Re: Ad and exchange security

        There is the item called Delegate Control but I would think that is used more in big server land (Enterprise)
        You may want to consider taking the question to the AD forum?

        Steven Teiger [SBS-MVP(2003-2009)]
        Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We donít stop playing because we grow old, we grow old because we stop playing.