I'm responsible for some software that lives on a computer in a managed domain. The client is a mining giant and a third party manages the domain rather bureacratically.
They have standard configurations they push out via Active Directory replication.
Appropriate channels have been invoked for having the official configuration change made, but from experience I know this will take about six weeks before they make the wrong change and about six months before the dust settles.
While I have local admin privileges on the server that is in my care, changes that I make (such as setting up MSMQ) are periodically overridden by AD updates.
My question is: How can I inhibit AD updates? If I revoke Domain Admin permissions on the local registry files will that stop AD from turning off my services?