Question : Local Computer / Domain Permissions for administrator user account
Here is the deal... All of our computers have 'administrator' as the local admin account. We also have a domain account 'administrator' that is under domain admins group. We have the same password set for both, so it's universal. We need to clamp down on security and tracking, so here is what we need to do.
I would like to rename the local admin account, for sample purposes let's call it 'god'. I have already done this on some computers without any trouble. This account is for local login and for doing local machine work. I would like to have this account with domain privileges so it can mount drives/printers, so I made an account 'god' on the domain. But...now since I have the god account on the domain, I can log in anywhere domain\god. I do not want this, I just want the permissions to access drives/printers/resources...but it cannot log in.
local\god - local computer login, **access to network resources**
domain\god - **CANNOT login**, ...but I may need this account for network resources, idk.
How can I do this?
Answer : Local Computer / Domain Permissions for administrator user account
You're looking at it the wrong way... there are two types of directives in Group Policy -- COMPUTER and USER. What you are trying to do is set a COMPUTER policy... your client computers already have names and that is how you grant them permissions (separate from the USER on the computer). There is also a third type of object in Group Policy... GROUPS. Either a COMPUTER or a USER can be a member of a GROUP.
There is no need to devise a new methodology for this. PLUS, you can't make a LOCAL profile have DOMAIN privileges (via Group Policy Objects)... it's just local... and a domain directive will always override it.
GPOs are processed in the following order:
1. The local GPO is applied.
2. GPOs linked to sites are applied.
3. GPOs linked to domains are applied.
4. GPOs linked to OUs are applied -- in order of OU hierarchy.
Here's the lowdown on Computers, Users & Groups: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/adusers.mspx
And on how the policies are applied: http://go.microsoft.com/fwlink/?linkid=18671
Jeff @ TechSoEasy
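
The processing order listed in the answer above, as an added Python model (not part of the original answer and not Microsoft's implementation) showing why a value set in the local GPO is replaced by a domain or OU value. The GPO names, setting labels, site name and example.com DNs are constructed; Enforced links and Block Inheritance are not modeled, and the DN parsing assumes no escaped commas.

```python
# Simplified model of the GPO processing order: local, site, domain, then OUs.
# GPO names, setting labels, site and DNs are constructed sample data.

def containers_for(dn):
    """Return (domain DN, [OU DNs ordered from the domain down to the object])."""
    parts = [p.strip() for p in dn.split(",")][1:]   # drop the object's own CN=
    domain = ",".join(p for p in parts if p.upper().startswith("DC="))
    ou_parts = [p for p in parts if p.upper().startswith("OU=")]
    # The last OU in the DN is the one closest to the domain, so walk right to left.
    ous = [",".join(ou_parts[i:] + [domain]) for i in range(len(ou_parts) - 1, -1, -1)]
    return domain, ous

def processing_order(links, computer_dn, site):
    """Sort GPO links into the order they are applied to one computer."""
    domain, ous = containers_for(computer_dn)
    targets = ["local", "site:" + site, domain] + ous
    return [link for target in targets for link in links if link["target"] == target]

def effective_settings(links, computer_dn, site):
    """Apply GPOs in order; a later GPO overwrites an earlier one's value."""
    result = {}
    for link in processing_order(links, computer_dn, site):
        for name, value in link["settings"].items():
            result[name] = (value, link["gpo"])      # remember which GPO won
    return result

SAMPLE_LINKS = [  # deliberately listed out of order
    {"gpo": "OU-Workstations", "target": "OU=Workstations,OU=HQ,DC=example,DC=com",
     "settings": {"ScreenLockMinutes": 5}},
    {"gpo": "Local GPO", "target": "local",
     "settings": {"RenameAdminAccount": "god", "ScreenLockMinutes": 30}},
    {"gpo": "Domain-Baseline", "target": "DC=example,DC=com",
     "settings": {"RenameAdminAccount": "corp-admin", "ScreenLockMinutes": 15}},
    {"gpo": "Site-Branch", "target": "site:Branch1",
     "settings": {"ProxyServer": "proxy.branch1.example.com"}},
    {"gpo": "OU-HQ", "target": "OU=HQ,DC=example,DC=com",
     "settings": {"ScreenLockMinutes": 10}},
]
PC_DN = "CN=PC01,OU=Workstations,OU=HQ,DC=example,DC=com"

if __name__ == "__main__":
    for name, (value, gpo) in effective_settings(SAMPLE_LINKS, PC_DN, "Branch1").items():
        print(f"{name} = {value!r}  (from {gpo})")
```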