Isolate the ADUC from the admins

Posted on 2006-05-08
Last Modified: 2010-03-19
Hello ,
We have recently installed net IQ and i have created a group and added all the admins on this group.
But i want to prvent them from accessing start-programs-admin tools-activedirectory users and computers.
How can i do that?

Also , i want to create a global group and add all the admins there and give them local admin rights on the servers , but not on the domain controllers- in order to install patches etc) - I need advice on this too.

Question by:c_hockland
    LVL 48

    Accepted Solution

    Hi c_hockland,

    you need to move these users to a new OU and apply this

    User config\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Active Directory Users and Computers

    either that or use security filtering in the current OU but i would put that setting as a separate policy
    LVL 48

    Expert Comment


    restricted groups will cater for your admin fun

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Let’s list some of the technologies that enable smooth teleworking. 
    Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now