Windows Permission Matrix

Jay_2

Do Microsoft publish a full permission matrix for built-in accounts in AD?

e.g.

Full list of everything a full admin can do, power user can do etc etc?
 
Sorry, I actually wanted a breakdown of what an admin can do in AD. We want this so we can cut down the helpdesk users' accounts, but I need the matrix first to get it through CAB.
 

By default: Domain Admins can do anything to any machine on the domain.

By default: Local Admins can do anything to the machine they are defined on as an admin.

But I am confused by your question as the two sentences I just wrote are in the information I gave you in the link above.


To create administrator (like) accounts with more restrictions you need to use the delegation tools in AD: http://technet.microsoft.com/en-us/library/cc756087(v=WS.10).aspx
 
If you'd like me to copy and paste the answer for you, Admins can:


Access this computer from the network

Adjust memory quotas for a process

Allow logon locally

Allow logon through Remote Desktop Services

Back up files and directories

Bypass traverse checking

Change the system time

Change the time zone

Create a page file

Create global objects

Create symbolic links

Debug programs

Force shutdown from a remote system

Impersonate a client after authentication

Increase scheduling priority

Load and unload device drivers

Log on as a batch job

Manage auditing and security log

Modify firmware environment variables

Perform volume maintenance tasks

Profile single process

Profile system performance

Remove computer from docking station

Restore files and directories

Shut down the system

Take ownership of files or other objects
 
Thanks for that, I am talking about AD administration: reset passwords, create OU, delete OU, delegate rights to OU, create groups, add users to group, delete groups etc etc. There are a huge number of things an admin can do in AD. I can actually probably pull it from the delegation menus.
 
Correct, Admins can do everything.

You can restrict them in the delegation menu.

As for all the delegation menu options....that's going to be different depending on your version of the server OS.
 
Ok mate, thanks. I'll have a hunt around and see if Microsoft have a full list of delegatable rights in AD for 2008R2.
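An added example, not part of the thread: instead of a published list, the rights actually granted on an OU can be read from its ACL and exported as a matrix of who can do what. The OU distinguished name and the output file name are assumptions, and the script needs the RSAT ActiveDirectory module.

```powershell
# Added example: export the effective permission entries on one OU as a CSV matrix.
Import-Module ActiveDirectory

# Assumption: hypothetical OU; replace with the OU the helpdesk accounts manage.
$ouDn    = 'OU=Staff,DC=example,DC=com'
# Assumption: output file name chosen for this example.
$outFile = '.\ou-permission-matrix.csv'

$rootDse = Get-ADRootDSE

# ACEs reference classes, attributes and extended rights by GUID.
# Build a GUID -> readable name lookup from the schema and the Extended-Rights container.
$guidMap = @{ [guid]::Empty = 'All' }

Get-ADObject -SearchBase $rootDse.schemaNamingContext `
             -LDAPFilter '(schemaIDGUID=*)' `
             -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
             -LDAPFilter '(objectClass=controlAccessRight)' `
             -Properties name, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.name }

# Return the readable name for a GUID, or the raw GUID when it is not in the lookup.
function Resolve-AceGuid([guid]$Guid) {
    if ($guidMap.ContainsKey($Guid)) { $guidMap[$Guid] } else { $Guid.ToString() }
}

# One row per ACE: who, allow/deny, which rights, on which object type or attribute,
# applied to which child class, and whether the entry is inherited from a parent.
(Get-Acl -Path "AD:\$ouDn").Access |
    Select-Object @{ n = 'Identity';  e = { $_.IdentityReference.Value } },
                  @{ n = 'Type';      e = { $_.AccessControlType } },
                  @{ n = 'Rights';    e = { $_.ActiveDirectoryRights } },
                  @{ n = 'Object';    e = { Resolve-AceGuid $_.ObjectType } },
                  @{ n = 'AppliesTo'; e = { Resolve-AceGuid $_.InheritedObjectType } },
                  IsInherited |
    Sort-Object Identity, Rights |
    Export-Csv -Path $outFile -NoTypeInformation
```

Rows where Identity is a helpdesk group and IsInherited is False are the explicit delegations on that OU, which is the part to review before trimming the accounts.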
 