Solved

Domain administrator group add into local administrator group

Posted on 2012-03-24
Last Modified: 2012-04-23
As I understand, once we join a computer to the domain, the domain administrator group will be added into the local administrator group.

So, by then the local administrator can act as domain administrator to manage all the domain settings, including domain GPO? Am I right? Please confirm.

If I am right, then the branch office administrator (local administrator) can "control" head office domain administrator jobs?
Question by:kcn
3 Comments
 
LVL 2

Expert Comment

by:Kelden
ID: 37761281
No. The domain administrator is also a local admin. But the local admin is not a domain administrator. So everything is still secure.
0
 
LVL 8

Accepted Solution

by:
Amit Khilnaney earned 250 total points
ID: 37761337
As I understand, once we join a computer to the domain, the domain administrator group will be added into the local administrator group.

Ans = Yes

So, by then the local administrator can act as domain administrator to manage all the domain settings, including domain GPO? Am I right? Please confirm.

Ans = No, the local administrator cannot act as domain administrator. For example, try this by adding a domain user to the administrators group. Even if you are logged on as the "local" administrator on the computer, it will ask you to provide domain administrator credentials.

If I am right, then the branch office administrator (local administrator) can "control" head office domain administrator jobs?

Ans = Incorrect, the branch office local admin cannot control head office domain administrator jobs.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 37762254
Levels of access from lowest to highest
Limited local user
Limited domain user
Local power user
Domain power user
Local admin
Domain admin

Domain-based groups have higher ranking because they are not limited to a single machine, even though they have the same level of rights on each machine.
There are other domain-based groups that provide different access levels, rights, but are not material to the comparison here, dealing with domain versus equivalent local accounts.
0
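An added example, not part of any comment in this thread: a PowerShell audit of a domain member's local Administrators group that separates principals issued by the machine itself from those issued by the domain, which is the distinction the answers above rely on. The function names `Get-AdminMemberKind` and `Get-LocalAdminAudit` are hypothetical, the SIDs in the demonstration are constructed, and `Get-LocalGroupMember` / `Get-LocalUser` come from the Microsoft.PowerShell.LocalAccounts module in Windows PowerShell 5.1.

```powershell
# Added example, not from the thread. SIDs below are constructed for illustration.
function Get-AdminMemberKind {
    param(
        [Parameter(Mandatory)] [System.Security.Principal.SecurityIdentifier] $Sid,
        [Parameter(Mandatory)] [System.Security.Principal.SecurityIdentifier] $MachineSid
    )
    # AccountDomainSid is $null for SIDs not issued by a machine or domain
    # authority (for example S-1-5-18, Local System).
    $issuer = $Sid.AccountDomainSid
    if ($null -eq $issuer) { return 'Well-known or other principal' }

    # The RID is the last sub-authority of the SID.
    $rid = [uint32]($Sid.Value.Split('-')[-1])
    if ($issuer.Value -eq $MachineSid.Value) {
        # Issued by this computer's own account database.
        if ($rid -eq 500) { return 'Local built-in Administrator' }
        return 'Local account'
    }
    # Issued by some other authority, i.e. a domain.
    if ($rid -eq 512) { return 'Domain Admins group' }
    return 'Other domain principal'
}

function Get-LocalAdminAudit {
    # Run on a domain member (not a domain controller, which has no local accounts).
    # The machine SID is the issuer part of any local account's SID.
    $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid
    # S-1-5-32-544 is BUILTIN\Administrators; the SID avoids localized group names.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            Class  = $_.ObjectClass
            Source = $_.PrincipalSource
            Kind   = Get-AdminMemberKind -Sid $_.SID -MachineSid $machineSid
        }
    }
}

# Offline demonstration with constructed SIDs.
$machine = 'S-1-5-21-1000000001-1000000002-1000000003'
$domain  = 'S-1-5-21-2000000001-2000000002-2000000003'
"$machine-500", "$machine-1001", "$domain-512", "$domain-1105" | ForEach-Object {
    '{0,-48} {1}' -f $_, (Get-AdminMemberKind -Sid $_ -MachineSid $machine)
}
```

`Get-LocalAdminAudit` reports only who holds administrative rights on that one computer; it does not query or change any membership in the domain.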
