Solved

Domain administrator group add into local administrator group

Posted on 2012-03-24
3
467 Views
Last Modified: 2012-04-23
As I understand , once we join a computer to domain , the domain administrator group will be added into local administrator group .

So, by then the local administrator can act as domain administrator to manage all the domain setting including domain GPO ??  Am I right ??? Please confirm .

If I am right, then the branch office administrator ( local administrator ) can "control" head office domain administrator jobs ???
0
Comment
Question by:kcn
3 Comments
 
LVL 2

Expert Comment

by:Kelden
ID: 37761281
No. The domain administrator is also a local admin. But the local admin is not a domain administrator. So everything is still secure.
0
 
LVL 8

Accepted Solution

by:
Amit Khilnaney earned 250 total points
ID: 37761337
As I understand , once we join a computer to domain , the domain administrator group will be added into local administrator group .

Ans = Yes

So, by then the local administrator can act as domain administrator to manage all the domain setting including domain GPO ??  Am I right ??? Please confirm .

Ans = No, local adminstrator cannot act as domain administrator. For Ex. Try this by adding a domain user to the adminstrators group. Even if you are logged on as "local" adminstrator on computer it will ask to provide domain adminstrator credentials.

If I am right, then the branch office administrator ( local administrator ) can "control" head office domain administrator jobs ???

Ans = Incorrect the bracnh office local admin cannot control head office domain administrator jobs
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 37762254
Levels of access from lowest to highest
Limited local user
Limited domain user
Local power user
Domain power user
Local admin
Domain admin

Domain based groups have higher ranking because they are to limited to a single machine even though they have the same level rights on each machine.
There are other domain based groups the provide different access lever, rights, but are not mortar to the comparison here dealing with domain versus equivalent local accounts.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question