When a new user is added to our Active Directory database, by default, that user has access to all machines. Is there any way to change the domain policy so that, when a user is added, machines are added with this access level by default but, at the same time, deny this option for a second tier admin group? In other words, we have a group with their own admin who is coming into our group, and we would like to make it so this new admin cannot allow their users access to all of our machines.
May 12, 2008 3:37 PM
May 12, 2008 8:07 PM