TFS - Issue with Local Administrators Group - by AndyW2007

Status : 

  By Design<br /><br />
		The product team believes this item works according to its intended design.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 780740 Comments
Status Closed Workarounds
Type Bug Repros 0
Opened 3/5/2013 5:43:41 PM
Access Restriction Public


When setting up permissions on TFS2012 Team Portal,  TFS Inherits all members of the servers "local administrators group" and grants them all Administrative permissions to the server.   

These members may consist of individual user accounts or active directory groups - for example operations and systems teams.  They show up under the "Windows Groups" menu for the Team Project Collection.

As there is no mechanism to exclude individual Windows users and groups, the result is quite a few people end up having administrative access to TFS.

It is necessary to be able to choose which groups to include and which to be able to exclude.

Sign in to post a comment.
Posted by Chandru [MSFT] on 3/15/2013 at 2:33 PM
Hello Andy,

This is actually by design - we add the Local Administrators group by default in order to prevent you from locking yourself out of the server, if you wish to remove it, you can do so from the TFS management console Group Membership settings.

Posted by AndyW2007 on 3/7/2013 at 4:30 PM
This has been marked as resolved. Just wondering if there is any chance of telling us what the actual resolution is to the problem?
Posted by Microsoft on 3/5/2013 at 11:35 PM
Thank you for submitting feedback on Visual Studio and .NET Framework. Your issue has been routed to the appropriate VS development team for investigation. We will contact you if we require any additional information.
Posted by Helen [MSFT] on 3/5/2013 at 5:51 PM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(