If you are talking about blocking the use of the mmc, you can't really do
that. Folks have read access to AD. I would be more concerned with
allowing people to enter your server room than to be using the mmc console.
Micro-managing an already secure system is only going to create a lot of
interuptions, if folks have the authority to make changes they shouldn't be
then take away their privileges.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
"Andy3691" <> wrote in message
news:848CBBF3-4F43-4B6E-8CB5-...
>I need to lock down access to the AD MSCs to just function on the DCs that
> house AD. I don't want persons on the floor with the msc on their
> desktops/laptops to have access. If someone whats/needs/thinks to do
> something in AD they will need to enter the serverroom where I am and
> justify
> what they intend to do. What is the best way for me to accomplish this?
Similar Threads
Linear Mode
