Local administrator and administrator users – DMZ servers

Home Forums Server Operating Systems Windows Server 2008 / 2008 R2 Local administrator and administrator users – DMZ servers

This topic contains 4 replies, has 2 voices, and was last updated by  nazirahmed 5 months, 3 weeks ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts

  • nazirahmed
    Member
    #167590

    Dear Experts,
    I have a number of windows servers (mostly windows server 2008 ) which are placed in DMZ and are not in the active directory. We use a third-party password management solution for active directory joined servers. The idea is to use one account on each server which is NOT an administrator but has rights to change/reset the password of all other local users on the server including built-in administrator. None of the other users should have permissions to reset/change the password on the server. Any suggestion, such as, local policy, local rights, powershell scripts etc which can help achieve the desired results?
    Many thanks


    wullieb1
    Moderator
    #245772

    I don’t think this is possible without having local admin rights on the machine.

    I know 100% in AD it can be done pretty easily but local systems need to have admin rights.

    Can i ask what accounts you have on a DMZ server that would require password resets?


    nazirahmed
    Member
    #351837

    wullieb1 – thanks for your reply. These can be local admin (built in) or otherwise any account which may or may not have membership of local administrators group. I am aware it can be done for active directory and already using this. I am wondering if there is a way (other than using some third party tools even if they exist) to reset password using an account which is not admin, same concept as domain but on local server level. Thanks,


    wullieb1
    Moderator
    #245774

    As i said its not something that i’m sure can’t be done without AD or local admin rights.


    nazirahmed
    Member
    #351838

    thank you for the response.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.