Active Directory

Easily Removing End Users from the Local Administrators Group

by Daniel Petri

In many enterprises, the organization policy is to add end users to the local Administrators group on their assigned PC; often to allow legacy applications which require administrative privileges to run correctly. However, there's a great risk in setting the end users as local administrators... information security. In this article MVP Daniel Petri presents a few better and more secure options.

Transferring FSMO Roles

with 47 Comments by Daniel Petri

How can I transfer some or all of the FSMO Roles from one DC to another? Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory. In most cases an administrator can keep the FSMO role holders (all 5… Read More