Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
 All Forums
 HALP! Questions on Windows and Windows Server
 Active Directory
 Computer Account in Domain Admins Group

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Note: please do not cross-post.
Cross-postings will be deleted and ignored.
Thanks for helping to keep this forum junk-free!
 Check here to subscribe to this topic.
   

T O P I C    R E V I E W
rmoore@afsc.org Posted - 04/20/2012 : 11:23:16 AM
Hello All--

I posted this question in the DPM forum. But I thought I would post it here as well, since it's really an AD question.

I've been working for several days to find a solution to a problem with DPM. I finally stumbled across something at social.technet.microsoft.com that has fixed the problem. I put the computer account of our DPM server into the Domain Admins group. (Our AD is 2008 R2, raised to the highest functional level.)

It's not clear to me why this fixed the problem. More important, are there bad things that could happen as a result of putting a server's computer account into the Domain Admins group?

Thanks,
Rob
5   L A T E S T    R E P L I E S    (Newest First)
rmoore@afsc.org Posted - 04/26/2012 : 10:29:25 AM
I finally got a chance to test out putting the DPM server computer account into the local admin group on the problematic XP workstation. It worked! Good idea you had. I should have thought of that myself. Thanks.

Rob
Playwell Posted - 04/21/2012 : 07:39:30 AM
See if adding the computer account to the XP's local admins group helps in stead. Am curious.
rmoore@afsc.org Posted - 04/20/2012 : 2:11:16 PM
Here's the link: http://social.technet.microsoft.com/Forums/en-US/dataprotectionmanager/thread/132dff35-1471-453c-bf4f-904d297d43aa/

Oddly, I've installed the DPM client on a number of computers--both Windows 7 and XP--without any trouble. Just this one has given me problems.

Rob
wkasdo Posted - 04/20/2012 : 2:01:12 PM
> It's not clear to me why this fixed the problem.

Looks like the DPM computer account needs local admin permissions on XP. Putting the account in D.A. is one way of accomplishing this.

> More important, are there bad things that could happen as a result of putting a server's computer account into the Domain Admins group

It means that anyone controlling DPM and/or the server has Domain Admins permissions, or can get them when he/she wants. Doesn't sound good to me...
aval Posted - 04/20/2012 : 1:56:15 PM
I suppose that if someone clever could manage to run a script using the credentials of that computer, they would have a lot of power (same rights as a domain admin). I'm not sure how or if that could be practically exploited.

Could youprovide the technet link?

Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.14 seconds. Snitz Forums 2000