As an sys admin I need access to all computers.
Posted on 2005-04-24
I maintain a small Active Directory OU of some 500 to 600 machines. Most of these machines stay in place for about a year. The problem starts when new machines come in and are added to my OU. They come from many different locations and thus have been built by a variety of different peopel with a wide variety of different ideas on who should and should not have access to the local box. (Sorry for the long sentence..but... I must have the ability to monitor and modify these machines in order to insure that we have the highest level of security; updates; patches; and no and I do mean NO! unauthorized software and other stuff. (Tuff job, but someone...)
I am not a PC tech. I need a resource that can help me understand what some of these other guys have done to block me from getting to ..say, local users and groups; or deny "Remote Desktop Connection" or deny " Symantec to unto update". You get the picture. Can anyone help be get started on this. I would like an answer that involves the use of AD GPO's, then when they go away, they can have their machine back.
I have been althrough the local Group Policies and can not find anything that looks suspect.