Link to home
Start Free TrialLog in
Avatar of jgantes
jgantes

asked on

Security iwth Windows Server 2003 Administration Tools Pack -- Anyone can see everything?

We just started using the Windows Server 2003 Administration Tools Pack on a couple of laptops.  It's great and works fine.  However, I installed the pack on several users machines (just for kicks to see how it works) and they are only USERS in the domain and can VIEW just about everything!  They can even modify a couple of things.  

Where is the security to people out from being able to do anything to our controllers if they stumble upon the admin pack!

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi!

Limited user is not able to install adminpak.msi and even if you install it as administrator, domain user should be not able to modify AD. I'm curios what kind of modificitaions are you talking about?

Toni
Avatar of jgantes
jgantes

ASKER

Oddly, when I installed on a Domain Users machine they could make some simple modifications.  For th emost part, you are correct, they couldn't do much at all but view.  And, understandably, they need to be able to read from the directory otherwise AD couldn't function :-)  

They could modify:
1) Under our Office_Computers OU, they could modify the membership of a computer, but nothing else.(Once I click ok here it says NO PERMISSIONS)

2) In our Office_Users OU, they could modify items on the Terminal Service Profiles tab.

3) In our Office_Users OU, they could modify items on the Remote Control tab.

4) In our Office_Users OU, they could modify Direct Reports on the Organization tab

5) In our Office_Users OU, they could modify items on the Environment tab

6) In our Office_Users OU, they could modify Membership on the Member of Tab (Once I click ok here it says NO PERMISSIONS)

I'll need to do some more reading on the items you listed above.  I only want select admins to be able to work in this program.  Also, is there a way to restrict WHAT they can do in the tool kit?

I did a good amount of reading on MS site, but that was after another problem I was dealing with regarding the "UseInternnetPorts" key on our controller... so I was a little tired.

Thanks!