Search

TFS - Issue with Local Administrators Group by AndyW2007

Closed
as By Design Help for as By Design

1
0
Sign in
 to vote
Type: Bug
ID: 780740
Opened: 3/5/2013 5:43:41 PM
Access Restriction: Public
0
Workaround(s)
0
User(s) can reproduce this bug

When setting up permissions on TFS2012 Team Portal, TFS Inherits all members of the servers "local administrators group" and grants them all Administrative permissions to the server.

These members may consist of individual user accounts or active directory groups - for example operations and systems teams. They show up under the "Windows Groups" menu for the Team Project Collection.

As there is no mechanism to exclude individual Windows users and groups, the result is quite a few people end up having administrative access to TFS.

It is necessary to be able to choose which groups to include and which to be able to exclude.
Details (expand)

Visual Studio/Team Foundation Server/.NET Framework Tooling Version

Team Foundation Server 2012

Steps to reproduce


From the Team Portal, navigate to "Administer Settings"
Navigate to the Team Project Collection (Control Panel > <team collection>
Select the Security Tab

Make note of the Groups displayed under the "Windows Groups" option. If there are A/D Groups added to the servers local administrators groups, they will be listed here and cannot be excluded.

Product Language

English

Operating System

Windows Server 2008 R2 SP1

Operating System Language

English

Actual results


Users are given access to the server that should not have access. Users are given administrative permissions. Potentially licensing might be affected.

Expected results


Should be able to include or exclude inherited windows groups on an individual basis.
File Attachments
0 attachments
Sign in to post a comment.
Posted by Microsoft on 3/15/2013 at 2:33 PM
Hello Andy,

This is actually by design - we add the Local Administrators group by default in order to prevent you from locking yourself out of the server, if you wish to remove it, you can do so from the TFS management console Group Membership settings.

Thanks
Chandru
Posted by AndyW2007 on 3/7/2013 at 4:30 PM
This has been marked as resolved. Just wondering if there is any chance of telling us what the actual resolution is to the problem?
Posted by Microsoft on 3/5/2013 at 11:35 PM
Thank you for submitting feedback on Visual Studio and .NET Framework. Your issue has been routed to the appropriate VS development team for investigation. We will contact you if we require any additional information.
Posted by Microsoft on 3/5/2013 at 5:51 PM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(http://support.microsoft.com)
Sign in to post a workaround.
© 2013 Microsoft Corporation. All rights reserved. Microsoft Connect Terms of Use | Trademarks | Privacy Statement