locked
Local administrators group access gives remote mmc access to OCS RRS feed

  • Question

  • I'm testing rights for various groups within our org.  I added a group that is NOT a member of the RTCUniversalServerAdmins or Domain Admins to the local Administrators group on the OCS server.  I would expect that the members of that group can access the OCS server console on that server.  HOWEVER, why can they also then access the server via remote mmc snap-in from another non-OCS server?
    Thanks!

    Wednesday, April 15, 2009 6:21 PM

Answers

  • That is expected; any members of the Local Administrators group on a Windows Server (depnding on the OS version and if any local security policy changes) will be allowed to connect remotely to the server over any listening services regardless of where the user is connecting from.  This behavior has nothing to do with the OCS configuration or RTC* group membership.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by jagard29 Thursday, April 16, 2009 3:34 PM
    Wednesday, April 15, 2009 6:43 PM
    Moderator

All replies

  • That is expected; any members of the Local Administrators group on a Windows Server (depnding on the OS version and if any local security policy changes) will be allowed to connect remotely to the server over any listening services regardless of where the user is connecting from.  This behavior has nothing to do with the OCS configuration or RTC* group membership.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by jagard29 Thursday, April 16, 2009 3:34 PM
    Wednesday, April 15, 2009 6:43 PM
    Moderator
  • Thanks Jeff!  I passed this along and they're going to restrict who has local admin rights on the server.
    Thursday, April 16, 2009 3:35 PM