georgecooldude
asked on
administrator and administrators OU's in AD? What are there roles?
I am reading through my administrators guide to windows 2003 and in the "active directory objects" it goes over the different roles, domain admins, domain guests etc.
I noticed it has an "Administrator" and an "Administrators" group. What is the difference? Is one a local admin acccount giving full control on the computer locally and the other a server admin account?
Please explain.
Thanks
I noticed it has an "Administrator" and an "Administrators" group. What is the difference? Is one a local admin acccount giving full control on the computer locally and the other a server admin account?
Please explain.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
georgecooldude
Yup, exactly right.
Store the password for the Administrator account in a safe place, just in case you need it.
Cheers
JamesDS
Yup, exactly right.
Store the password for the Administrator account in a safe place, just in case you need it.
Cheers
JamesDS
ASKER
Thanks JamesDS,
With this account do I also have control locally on the computer I logged in with?
I tryed something similar before but was unable to change such settings as the system time.
I know with NT server if you were a member of the administrators group you could do what you liked. It seems and i may be wrong here but to adjust settings locally on computers I have to setup a local administer account on the computer and cannot use my account on the windows 2003 server to adjust things specific to the local computer. Is there a way around this as I dont have time to create local admin accounts on our 100 or so PC's.
With this account do I also have control locally on the computer I logged in with?
I tryed something similar before but was unable to change such settings as the system time.
I know with NT server if you were a member of the administrators group you could do what you liked. It seems and i may be wrong here but to adjust settings locally on computers I have to setup a local administer account on the computer and cannot use my account on the windows 2003 server to adjust things specific to the local computer. Is there a way around this as I dont have time to create local admin accounts on our 100 or so PC's.
georgecooldude
The Local Machine is not same security boundary as the Domain.
Make the "Domain Admins" group a member of the local Administrators group on the workstation and then join your administrative user account to the Domain Admins group.
Cheers
JamesDS
The Local Machine is not same security boundary as the Domain.
Make the "Domain Admins" group a member of the local Administrators group on the workstation and then join your administrative user account to the Domain Admins group.
Cheers
JamesDS
ASKER
"Make the "Domain Admins" group a member of the local Administrators group on the workstation"
Where can this be done on a windows XP Pro machine? I am logged in under a windows NT server administrator account. Should I log in as the local administrator account?
Where can this be done on a windows XP Pro machine? I am logged in under a windows NT server administrator account. Should I log in as the local administrator account?
ASKER
ok i think i found it.
Its in control panel, then users, and then I click the advanced tab and then the advanced management option. I then get a new box pop up with:
Local users and groups.
- users
- groups
I guess I should add the domain admins to the "groups" bit then. :-)
Its in control panel, then users, and then I click the advanced tab and then the advanced management option. I then get a new box pop up with:
Local users and groups.
- users
- groups
I guess I should add the domain admins to the "groups" bit then. :-)
ASKER
Ah, I've found my answer. :)
ASKER
There are 3 of us who I would like to be administrators. I'll ass us all to the administrators group. I assume this means I don't need to do anything to the Administrator user