Ako korisnik ima lokalna admin prava, to je nemoguce izvesti...

bas me cudi ovaj odgovor od someone_bl, kad to NEMA SANSE, o cemu pricas, pa nisu ti valjda local admin pass i DC admin pass isti pa neko pristupi DC-u što je u najmanju ruku smešno il bar neiskusno .

Ganjaman, ako se lokalni administrator loguje na workstation, on ima ovlašćenje da ukloni taj workstation sa domaina.

Cek da vidimo dal o istom pricamo ovde
Znaci desni taster na My Computer->Properties->Computer Name->Change i npr. prebacis sa Domain u Workgroup
Ako je to u pitanju to kod mene (gde sad radim) NE MOZE sigurno. Nisam ja pravio mrezu pa ne znam gde su i jesu li nesto negde definisali ali to ne moze, a sutra cu bas da odem da proverim tamo gde sam ja pravio posto mi nije palo napamet da to moze nekom da posluzi za bilo sta. Valjda je fora "neovlašćeno" vezati u domen ne razvezati. Sve u svemu ako po default-u to moze izvinjavam se someone_bl-u znam da je moćan admin a odgovor na pitanje je da nekako sigurno moze a kako to cu sutra greje mi se pivo

Uhh, gresio sam oprostite mi :))) Elem tacno je da po default-u local admin moze da isčlani workstation sa domena ali evo kako se to rešava

http://www.windowsnetworking.c...rity/BlockingDomainUnjoin.html

Sa gorenavedenog linka:
"Domain users who are also members of the Administrators local group on their computers have the ability to remove their computers from the domain if they so choose. This would be bad of course, because it would mean that their machines would enter an unmanaged state (unaffected by Group Policy) and this would reduce their security and the security of user data stored on them.

How can you prevent users from unjoining their computers from the domain? Unfortunately, you can’t prevent by modifying user rights, you can only do it by removing their domain user account from the Administrators local group on their computers, which is yet another good reason for not granting users admin privileges over their machines. If your users already have admin privileges on their machines however, you could customize this script from the TechNet Script Repository and deploy it using Group Policy to remove users from the Administrators local group on their machines, but you should carefully test before you take this step as it can cause compatibility issues for some user applications if users are not admins on their machines. "

A šta ako se neko uloguje kao Lokalni Admin, umesto kao user koji ima ovlašćenja Lokalnog Admina*?

edit: *Odnosno u tom momentu ne bi imao ovlašćenja Lokalnog Admina, jer bi bio izbačen iz grupe Local Administrators.

_{[Ovu poruku je menjao AleksandarNS dana 12.11.2007. u 19:29 GMT+1]}

Zahvaljujem se svima na pomoći. Probaću da iskoristim TechNet script.

Peđa.

Hahah, ovo kao da je preporuka direktno od MS-a. "Da bi sprecio da neko ko je u grupi lokalnih administratora unjoin-uje komp ti ga izbaci iz grupe" :)
Doduse, to i jeste jedino resenje. Ako imas admin ovlascenja na kompu - mozes sta god hoces da radis tom kompu.