[Samba] Running GPMC with a user who is a member of Domain Admins
Rowland penny
rpenny at samba.org
Wed Apr 7 08:07:37 UTC 2021
On 07/04/2021 08:50, Stefan Bellon via samba wrote:
> On Wed, 07 Apr, L.P.H. van Belle via samba wrote:
>
>> On the question, what qualifies a user as Administrator?
>> In our network, nobody is allowed to do regular work, when your
>> having Adminsitrator rights.
> That's of course obvious.
>
>> Your working or being able to change security settings, install
>> software and hardware, access all files on the computer, and make
>> changes to other user accounts. This all is security problem when
>> your working with Adminsitrative rights.
> Also obviously agreed upon.
>
> What I do not understand - you said:
>
>> [...] user which was added to "domain admins" which is a big NO NO..
> My question is a technical one, not a philosophical one: How could a
> personalized user account be "administrative" if not added to the
> appropriate group, in this case "Domain Admins". So, how else should a
> user perform domain administrative tasks, if it's not a specifically
> created user account that is member of the "Domain Admins" group?
>
> Greetings,
> Stefan
>
I think what Louis is trying to say is, you shouldn't use a normal
account to do administrative tasks. You should create an account, add
this to Domain Admins or Administrators and use that account for
administrative tasks. For example, if you have an account 'stefan', do
not use that account for administrative tasks, create another account,
'stefan_admin' for instance, add this account to Domain Admins and use
it only for administrative tasks.
Rowland
More information about the samba
mailing list