enterprise admin


    I’ve been on the activedir mailing list and I’ve heard that it is possible for a domain admin to gain enterprise admin access. I know you can do this physically from one of the root DCs, and I know that MS considers the forest the security boundary, NOT the domain, but I was wondering how this can be done (is it through sidHistory? I think that was taken care of with sidFiltering).
    I ask because I’m an enterprise admin and the IT managers gave each local IT dept. a domain and made them all domain admins but NOT enterprise admins (management doesn’t trust them enough for that).
    So I was wondering, how easy would it be for a domain admin to inject himself/herself into the enterprise admin group in a Win2k SP4 forest, root domain in native mode?
