| View Question |
|
|
 | ||
|
| Subject:
Can I set set Group Policies on a non-domain controller?
Category: Computers > Operating Systems Asked by: sherpaj-ga List Price: $11.00 |
Posted:
29 Sep 2004 18:10 PDT
Expires: 29 Oct 2004 18:10 PDT Question ID: 408165 |
Can I do Global Security Policy on a non-DC Is there a way to set Group Policies (or something like them) and run the Group Policy Editor (GPE) on a standalone server that is not a domain controller? I have a Win 2003 server that is standalone. If the answer is NO, then I guess I?ll have to promote it to a DC and my question will change to #1 - #6 below: - I have 20-30 local accts on my stand alone Win 2003 server that I am afraid will be blown away when I upgrade the server to a DC. #1 Is this true, will they be blown away #2 I believe they need to be converted to Active Directory accts. I heard there was a tool that does this conversion. Where I could download that and how do I use it? #3 I am also hosting some webdav sites (webfolders) via IIS, will upgrading make them stop working or mess with the complicated permissions structure we have in there. #4 I am also running SharePoint 2.0 team services on there, will that get damaged or stop working in any way? #5 I am also using it as a Terminal Server and have 10 accts that have a complicated configuration (windows settings, outlook profiles, etc). Will that get affected in any way if I upgrade it to a DC? Will the users out there on the Internet that have RDC bookmarks to get into these accts still be able to use these RDC bookmarks? #6 My IIS on this sever is also running TSWEB. Will this be affected. tsweb is a terminal server login page that uses a activex remote desktop component. It is a Microsoft thing. thanx in advnce |
| ||
|
| There is no answer at this time. |
| ||
|
| Subject:
Re: Can I set set Group Policies on a non-domain controller?
From: blowdart-ga on 08 Oct 2004 08:56 PDT |
Yes, you can administer a domain from another machine. On your Windows Server installed media will be a file called admintools.msi, or check your server for C:\winnt\system32\admintools.msi. Then, as long as you are an AD admin of course you can administer to your hearts content. To answer (some) of the other questions 1) Yes. Once a machine is a domain controller all local accounts will be blown away. 2) To migrate accounts use the ADMT tool (see http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbg_rent_vgkz.asp for instructions) 3) If the permissions relied on local users yes that will get messed up 4) (see 3) 5) (see 3) 6) Should have no effect, if it's administrative TS and not full blown terminal services. As a rule of thumb, however, never install IIS on a domain controller. Never install anything on a domain controller it doesn't need to do a job, be it SQL, SMTP or whatever. If someone compromises that server then now they have comprised the AD, as they will be running as a domain account. |
If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you. |
| Search Google Answers for |
| Google Home - Answers FAQ - Terms of Service - Privacy Policy |