Securing DNS MMC

  • Thread starter Thread starter Tim Hemmerling
  • Start date Start date
T

Tim Hemmerling

We are in the process of replacing our ancient Bind
servers with Win2K DNS servers. We do not plan on using
the AD integrated DNS as our DNS administrator is a Unix
person and needs to have the ability to manually maintain
records.

What we would like to do is lock the DNS MMC console so
that other admins within the network cannot get into the
console. Is there any mechanism, short of putting the DNS
servers in a standalone workgroup, to lock the console?

Thanks,
Tim Hemmerling, MCP
 
What we would like to do is lock the DNS MMC console so
that other admins within the network cannot get into the
console. Is there any mechanism, short of putting the DNS
servers in a standalone workgroup, to lock the console?
Click to expand...

Don't make admins that are not really admins. Make them
users with SOME admin priveleges.

You can try making a group (of them) and denying access
but you will have to work at it that way.

(An admin can always find SOME way to get around
permissions and rights but the default is a DENY overrides
a GRANT even for admins so it might at least remind them
that they are not allowed and make a business rule that says
"If you do this, you can look for a new job."
 
Back
Top