compdigit44
asked on
Windows 2008 R2 Domain Controller + Services with Local Admin Rights
We are setting up McAfee SIEM in our environment to tail the DNS log files on our DNS servers which are also DC's. The application requires the service account to be a local admin but of course "local admin" does not exist on a DC... I did find the article below on using the Netlocal group command....
I tried this in my lab and did add the test user to the local administrator group. Here are my questions
What actual rights would this user account have in AD and on other DC?
http://www.richardawilson.com/2010/06/add-user-as-local-administrator-on.html
I tried this in my lab and did add the test user to the local administrator group. Here are my questions
What actual rights would this user account have in AD and on other DC?
http://www.richardawilson.com/2010/06/add-user-as-local-administrator-on.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, it happens. That guys article is truly scary stuff though and really a perfect example of someone out of their depth giving out advice. I was going to comment on his article but I see many others have already and he still has not updated his advice. Very poor form not to go back and correct himself.
ASKER
agreed could you clear up my confusion so to the permissioin difference between the "Administrators" group and Domain Admins.... if any
ASKER
I guess I am having a mental block. You think Domain Admin group as the main group but get confused with the "Administrators" group as well..