Windows Forum / Windows XP / Security and Administration / September 2004

ROAMING LOGIN

Marie Price - 30 Sep 2004 18:24 GMT
When someone uses a roaming login to a computer from a
different location, does he automatically carry over his
administration security?

I have 2 separate networks; each has a different admin
account. Let's say x network allows y roaming user in;
does the y roaming user bring in his admin security? I.e.,
can he create directories and install software?

Thanks
Lanwench [MVP - Exchange] - 30 Sep 2004 18:28 GMT
> when someone uses a roaming log in to a computer from a
> different location does he automatically carry over his
[quoted text clipped - 6 lines]
>
> thanks

Local admin security is set on the workstation, which can also be controlled
via group policy.

But with regard to roaming, I'm not sure what you mean. Is this two domains?
Do the domains have trusts between them?
How are they connected?
Marie Price - 30 Sep 2004 18:44 GMT
What I have is 2 separate networks. They can talk via a
trust connection.

Domain wrps is the main domain.
Domain gps users are logging in with roaming profiles.

The problem I see is that some of these users have admin
privileges in their network. When they sign in, their
profile leaves behind a bunch of files in the Documents
and Settings folder on the PC they logged on to.

My question is, if they log in using roaming profiles, can
they use their administrative privileges to install
software on the PC they have just logged into?

Thanks
Lanwench [MVP - Exchange] - 30 Sep 2004 18:54 GMT
> What I have is 2 separate networks. They can talk via a
> trust connection.
[quoted text clipped - 4 lines]
> The problem I see is that some of these users have admin
> privileges in their network.

What domain groups are they members of?

> when they sign in their
> profile leaves behind a bunch of files in the documents
[quoted text clipped - 3 lines]
> they use their administrative privileges to install
> software on the pc they have just logged into?

If they effectively get local admin rights, they can do pretty much whatever
they wish. The profile isn't really relevant.

> thanks
marie price - 30 Sep 2004 19:45 GMT
My domain is wrps.

The user is from another network called gps; he has a roaming
profile (I have no idea what his gps privs are, but I
suspect he has admin privs).

He was not set up as administrator on wrps local PCs,
unless he was able to do it himself.

I just want to make sure that his gps admin role does not
allow him to install software on the wrps PC.

And I don't understand why the roaming profile created a
bunch of files on the wrps PC. After he logs off, the
files remain.

i.e.   c:\documents and settings\gpsuser\.........

He is logging on all over the place, and leaving megs'
worth of files.

Thanks

>-----Original Message-----
>> what I have is 2 separate network.  they can talk via a
[quoted text clipped - 22 lines]
>
>.
Lanwench [MVP - Exchange] - 30 Sep 2004 20:06 GMT
> my domain is wrps
>
[quoted text clipped - 4 lines]
> he was not setup as administrator to wrps local pcs,
> unless he was able to do it himself.

Check the membership of the local admin groups. Domain admins are members by
default - who else is?

> I just want to make sure that his gps admin role does not
> allow him to install software on the wrps pc.

It will. If the local admins group contains the domain admins group (or
another group of which he is ultimately a member, via the trust), he has
local admin rights.

> And I don't understand why the roaming profile created a
> bunch of files on the wrps PC. After he logs off, the
> files remain.

> i.e.   c:\documents and settings\gpsuser\.........
>
> he is logging on all  over the place, and leaving megs
> worth of files.
>
> thanks

You'd see this even if he didn't have a roaming profile - and you probably
see similar folders for your "local" domain users' logins, as well. You can
disable the caching of domain profiles via group policy, but this will apply
to all users by default...AFAIK.

>> -----Original Message-----
>>> what I have is 2 separate network.  they can talk via a
[quoted text clipped - 22 lines]
>>
>> .
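
The check suggested in the reply above (look at who is in the local Administrators group, including groups that arrive via the trust), sketched in PowerShell. This is an added example, not part of the original thread; `Get-AdminOrigin`, the computer name `PC-0142`, the group `GPS\Desktop Support` and the sample member list are constructed for illustration.

```powershell
# Classify members of a workstation's local Administrators group by where
# they come from, and flag anything from outside the PC's own domain.
function Get-AdminOrigin {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Members,      # 'AUTHORITY\name' strings
        [Parameter(Mandatory = $true)] [string]   $HomeDomain,   # domain the PC is joined to
        [Parameter(Mandatory = $true)] [string]   $ComputerName
    )
    foreach ($m in $Members) {
        # Split 'AUTHORITY\name' on the first backslash only.
        $authority, $name = $m -split '\\', 2
        if (-not $name) { $authority = $ComputerName }   # bare name: local account

        if     ($authority -eq $ComputerName)             { $origin = 'local' }
        elseif ($authority -in 'BUILTIN', 'NT AUTHORITY') { $origin = 'built-in' }
        elseif ($authority -eq $HomeDomain)               { $origin = 'home domain' }
        else                                              { $origin = 'other domain' }

        [pscustomobject]@{
            Member = $m
            Origin = $origin
            # A flagged entry may be a group: expand it in its own domain to
            # see which users ultimately hold local admin rights through it.
            Review = ($origin -eq 'other domain')
        }
    }
}

# Constructed sample membership for a wrps workstation.
$sample = 'PC-0142\Administrator', 'WRPS\Domain Admins',
          'GPS\Desktop Support', 'GPS\gpsuser'

Get-AdminOrigin -Members $sample -HomeDomain 'WRPS' -ComputerName 'PC-0142' |
    Format-Table -AutoSize

# On a live machine with Windows PowerShell 5.1 or later, the member list
# can be read from the group itself:
#   $members = (Get-LocalGroupMember -Group 'Administrators').Name
```

On systems without that cmdlet, `net localgroup Administrators` prints the same membership and its output can be fed to the function by hand.
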
Marie Price - 30 Sep 2004 20:12 GMT
Thanks for the help!

>-----Original Message-----
>> my domain is wrps
[quoted text clipped - 60 lines]
>
>.
Lanwench [MVP - Exchange] - 30 Sep 2004 23:40 GMT
> thanks for the help!

You're most welcome!

>> -----Original Message-----
>>> my domain is wrps
[quoted text clipped - 60 lines]
>>
>> .
 