Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Domain administrator group add into local administrator group

Posted on 2012-03-24
3
Medium Priority
?
474 Views
Last Modified: 2012-04-23
As I understand , once we join a computer to domain , the domain administrator group will be added into local administrator group .

So, by then the local administrator can act as domain administrator to manage all the domain setting including domain GPO ??  Am I right ??? Please confirm .

If I am right, then the branch office administrator ( local administrator ) can "control" head office domain administrator jobs ???
0
Comment
Question by:kcn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Expert Comment

by:Kelden
ID: 37761281
No. The domain administrator is also a local admin. But the local admin is not a domain administrator. So everything is still secure.
0
 
LVL 8

Accepted Solution

by:
Amit Khilnaney earned 1000 total points
ID: 37761337
As I understand , once we join a computer to domain , the domain administrator group will be added into local administrator group .

Ans = Yes

So, by then the local administrator can act as domain administrator to manage all the domain setting including domain GPO ??  Am I right ??? Please confirm .

Ans = No, local adminstrator cannot act as domain administrator. For Ex. Try this by adding a domain user to the adminstrators group. Even if you are logged on as "local" adminstrator on computer it will ask to provide domain adminstrator credentials.

If I am right, then the branch office administrator ( local administrator ) can "control" head office domain administrator jobs ???

Ans = Incorrect the bracnh office local admin cannot control head office domain administrator jobs
0
 
LVL 80

Assisted Solution

by:arnold
arnold earned 1000 total points
ID: 37762254
Levels of access from lowest to highest
Limited local user
Limited domain user
Local power user
Domain power user
Local admin
Domain admin

Domain based groups have higher ranking because they are to limited to a single machine even though they have the same level rights on each machine.
There are other domain based groups the provide different access lever, rights, but are not mortar to the comparison here dealing with domain versus equivalent local accounts.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question