Hi,
We do not want all users that are members of the local administrators group on a server to be make changes on a failover cluster.
On the cluster permissions we are looking to change the administrators group from full control to read and create another group that will contain the domain users that we want to be able to administer the cluster and give that full control.
Are there any issues with this approach?
Have been doing some testing on a windows 2012 cluster with a user that has local administrator rights to a server and read only access to the cluster. The local administrators group has just read only access to the cluster.
Logging in with the account and using powershell the user can list a resource group for example but not delete it or create a new one. However when using the failover cluster mmc the user can read, delete and create these items?
Any idea what is going on here? On task manager the MMC & powershell are both running under the user account.
Thanks.