Restrict admin console

Discussion:

(too old to reply)

b33zy

2007-11-29 15:41:01 UTC

I have users in my envionrment creating rules and doing who knows what else.
How can I stop people with admin rights to the MOM management servers the
ability to do this? I really want to lock MOM down if possible. Anyone have
any ideas?

Thomas CR

2007-11-30 07:49:00 UTC

Permalink

There are an tool in the MOM Resourcekit that allows you to remove the
"buitin admins" from the MOM Administrator group.
--
BR
Thomas CR

Post by b33zy
I have users in my envionrment creating rules and doing who knows what else.
How can I stop people with admin rights to the MOM management servers the
ability to do this? I really want to lock MOM down if possible. Anyone have
any ideas?

b33zy

2007-11-30 15:54:00 UTC

Permalink

Thanks Thomas. I found it after reading what you said, it's the DAS Role
Update Utility and it removes the built-in/admins group from the COM roles.
This doesn't stop anyone from adding themselves to the mom admins group
though but it's a good start.

Post by Thomas CR
There are an tool in the MOM Resourcekit that allows you to remove the
"buitin admins" from the MOM Administrator group.
--
BR
Thomas CR

Thomas CR

2007-12-01 06:10:00 UTC

Permalink

Then you have to remove the "Domain admins" from the administrators group :-)
But I know the problem
--
BR
Thomas CR

Post by b33zy
Thanks Thomas. I found it after reading what you said, it's the DAS Role
Update Utility and it removes the built-in/admins group from the COM roles.
This doesn't stop anyone from adding themselves to the mom admins group
though but it's a good start.

Post by Thomas CR
There are an tool in the MOM Resourcekit that allows you to remove the
"buitin admins" from the MOM Administrator group.
--
BR
Thomas CR