Avoiding Legacy Built-in Groups
How you can avoid using legacy built-in groups to grant admin-level privileges.
Microsoft documentation on this isn’t clear, but built-in local groups like Account Operators, Server Operators, and others found in the Builtin container of Active Directory are legacy groups that are basically only there to maintain backward compatibility with Windows NT.
If you want to grant users rights to perform certain tasks like create new accounts, reset passwords, and so on, avoid using these built-in groups and use Active Directory delegation instead. Delegation gives you greater control over which groups of users you can assign to perform different kinds of admin-level tasks, and it’s easy to use as well, just right-click on an OU and select Delegate Control and a wizard opens to walk you through the process.
Article written by MyComputerAid.com
2003 server - Sep 30, 2008 22:34 - 0 Comments
instant messaging srv records
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments
Outlook: Duplicates in Mailbox
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Desktop, Web browsers and Internet, Windows 2000, Windows 7, Windows 98, Windows Firewall and networking, Windows Vista, Windows XP - Feb 8, 2010 18:09 - 0 Comments
Disable Proxy settings in IE
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Leave a Reply
You must be logged in to post a comment.