Resticting Members of BuiltinAdministrator to just be able to create Domain Trust

Tags:
Administration
Biometrics
Compliance
CRM
Development
Digital certificates
Disaster Recovery
Identity & Access Management
Installation
Management
Policies
provisioning
Risk management
Security
Security management
Security Program Management
Security tokens
Single sign-on
In windows 2000/2003, Can we restrict a BuiltinAdministrators member to have just enough rights so that he/she can only create/delete domain Trust. The requirement that we have is to be programmatically create trust with all the domains in a given forest. The other part of the requirement is to maintain the created trusts (i.e. recreate the trust if it is broken for some reason) and to keep creating trusts for domains that are newly add in the forest. For this task our understanding is that we will need an Enterprise Admin but some of our customers may not be comfortable giving us the Enterprise Admin credentials so we want to create a user who is only able to create Trusts but nothing else. During our reserach we have come to a conclusion that we can not create trusts with a domain unless the used creantials belong to the member of the buitlinAdministrator group in the domain. hence the requirement to cripple a member of Administrators group so that it can only create trusts.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Do better research. When doing better research be sure to check-out the “Incoming Forest Trust Builders” builtin group which should solve your problem.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following