We have recently switched to Sever 2000 using Active directory and I now find myeself in a debate with one of our other network administrators.
Currently even though we are set up as Domain Administrators if we want to see or change any security settings (network address, security event logs, etc) on a computer within that domain we have to log on to that local machine as a local administator to give our domain id access as a local administrator.
To me this seems that we did something wrong when we first set things up, that as a network administrator we should automatically have full access to each machine that we log into so that changes can be made without having to jump through hoops first. However my co-worker thinks that it is perfectly normal and is all part of Active Directory. I have been wrong before so I am curious if I am again.