Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Domain administrator group add into local administrator group

Posted on 2012-03-24
3
Medium Priority
?
476 Views
Last Modified: 2012-04-23
As I understand , once we join a computer to domain , the domain administrator group will be added into local administrator group .

So, by then the local administrator can act as domain administrator to manage all the domain setting including domain GPO ??  Am I right ??? Please confirm .

If I am right, then the branch office administrator ( local administrator ) can "control" head office domain administrator jobs ???
0
Comment
Question by:kcn
3 Comments
 
LVL 2

Expert Comment

by:Kelden
ID: 37761281
No. The domain administrator is also a local admin. But the local admin is not a domain administrator. So everything is still secure.
0
 
LVL 8

Accepted Solution

by:
Amit Khilnaney earned 1000 total points
ID: 37761337
As I understand , once we join a computer to domain , the domain administrator group will be added into local administrator group .

Ans = Yes

So, by then the local administrator can act as domain administrator to manage all the domain setting including domain GPO ??  Am I right ??? Please confirm .

Ans = No, local adminstrator cannot act as domain administrator. For Ex. Try this by adding a domain user to the adminstrators group. Even if you are logged on as "local" adminstrator on computer it will ask to provide domain adminstrator credentials.

If I am right, then the branch office administrator ( local administrator ) can "control" head office domain administrator jobs ???

Ans = Incorrect the bracnh office local admin cannot control head office domain administrator jobs
0
 
LVL 81

Assisted Solution

by:arnold
arnold earned 1000 total points
ID: 37762254
Levels of access from lowest to highest
Limited local user
Limited domain user
Local power user
Domain power user
Local admin
Domain admin

Domain based groups have higher ranking because they are to limited to a single machine even though they have the same level rights on each machine.
There are other domain based groups the provide different access lever, rights, but are not mortar to the comparison here dealing with domain versus equivalent local accounts.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question