| Author |
Message |
Forch
Guest
|
 Posted:
Tue Jan 11, 2005 9:17 pm Post subject:
Enterprise Admin - Access Denied |
|
|
Good day,
I have just created a Child Domain with 2 members servers.
Using my account which is a member of the “Enterprise Admins” group, I can
access the Child Domain Controller via Remote Desktop, but I am not able to
access the member servers. I have no problems logging in with a
CHILD_DOMAIN\DOMAIN ADMINS account.
If I try to access the Child Domain member servers using “Computer
Management” from my workstation (which is in the parent domain), I am not
able to view the event log, or assign users to the local groups.
I was under the impression that a person with “Enterprise Admin” rights
automatically has Administrator rights on all Child Domain servers and
workstations. Is that not the case?
Please help!
Thanks,
Forch |
|
| Back to top |
|
 |
Dmitry Korolyov [MVP]
Guest
|
| Posted:
Tue Jan 11, 2005 9:25 pm Post subject:
Re: Enterprise Admin - Access Denied |
|
|
Nope, Enterprise Admins are automatically added to "Administrators" group in
all domains in the forest. That group, however, has full administrative
permissions on DCs and AD itself - but not on the member servers. The best
you can do is to use Restricted Groups feature of the GP to add Enterprise
Admins group to built-in Administrators group in all child domains - if that
meets your security policy.
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services
"Forch" <Forch@discussions.microsoft.com> wrote in message
news:F40ABBB6-5AA7-414C-A5B1-CE35FC3601E3@microsoft.com...
| Quote: | Good day,
I have just created a Child Domain with 2 members servers.
Using my account which is a member of the "Enterprise Admins" group, I can
access the Child Domain Controller via Remote Desktop, but I am not able
to
access the member servers. I have no problems logging in with a
CHILD_DOMAIN\DOMAIN ADMINS account.
If I try to access the Child Domain member servers using "Computer
Management" from my workstation (which is in the parent domain), I am not
able to view the event log, or assign users to the local groups.
I was under the impression that a person with "Enterprise Admin" rights
automatically has Administrator rights on all Child Domain servers and
workstations. Is that not the case?
Please help!
Thanks,
Forch |
|
|
| Back to top |
|
|
Phillip Renouf
Guest
|
| Posted:
Wed Jan 12, 2005 1:37 am Post subject:
Re: Enterprise Admin - Access Denied |
|
|
As a rule you shouldn't use Enterprise Admin privlidges if they aren't
required. Make an account in the child domain to use for administering that
domain and make it a member of the Domain Admins group for that domain.
Phil
"Dmitry Korolyov [MVP]" wrote:
| Quote: | Nope, Enterprise Admins are automatically added to "Administrators" group in
all domains in the forest. That group, however, has full administrative
permissions on DCs and AD itself - but not on the member servers. The best
you can do is to use Restricted Groups feature of the GP to add Enterprise
Admins group to built-in Administrators group in all child domains - if that
meets your security policy.
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services
"Forch" <Forch@discussions.microsoft.com> wrote in message
news:F40ABBB6-5AA7-414C-A5B1-CE35FC3601E3@microsoft.com...
Good day,
I have just created a Child Domain with 2 members servers.
Using my account which is a member of the "Enterprise Admins" group, I can
access the Child Domain Controller via Remote Desktop, but I am not able
to
access the member servers. I have no problems logging in with a
CHILD_DOMAIN\DOMAIN ADMINS account.
If I try to access the Child Domain member servers using "Computer
Management" from my workstation (which is in the parent domain), I am not
able to view the event log, or assign users to the local groups.
I was under the impression that a person with "Enterprise Admin" rights
automatically has Administrator rights on all Child Domain servers and
workstations. Is that not the case?
Please help!
Thanks,
Forch
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in