BYRONJACKSON
asked on
Restrict users that can be added to specific groups - Schema Admin, Domain Admin, Enterprise Admin
Hello All,
I would like to ensure that no unauthorised changes can be made to any of the Schema, Domain and Enterprise groups. Basically in the unlikely event that someone manages to elevate permission - I want the additional "user" that has been added to be removed.
Can anyone advise with details on how to achieve
Best regards
Byron
I would like to ensure that no unauthorised changes can be made to any of the Schema, Domain and Enterprise groups. Basically in the unlikely event that someone manages to elevate permission - I want the additional "user" that has been added to be removed.
Can anyone advise with details on how to achieve
Best regards
Byron
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The Administrator account has unrestricted privileges. So removing any unwanted users can always be done by a domain admin or local admin.
As for privilege elevation this cannot be done if you as a domain/local admin have restricted the users in a group to a specific set of privileges which doesn't include elevating privileges.
As for privilege elevation this cannot be done if you as a domain/local admin have restricted the users in a group to a specific set of privileges which doesn't include elevating privileges.
oops just missed by a few minutes
ASKER