Active Directory rights Assignment

  • Active Directory rights Assignment

    Hi,

    I have a domain controller on Windows Server 2003 and two additional domain controllers at two branch offices in different locations, which are also running Windows Server 2003.

    I have created two OUs, one for each branch:
    1. SURAT OU
    2. BARODA OU
    and moved the SURAT ADC to the SURAT OU and the BARODA ADC to the BARODA OU.

    I want to configure it so that the IT person who sits at the SURAT branch office (who is a member of Domain Users) is able to install applications and maintain all applications on the SURAT ADC, and is also able to maintain the SURAT OU.

    He should only be able to log on to the SURAT ADC; he should not be able to log on to any other domain controller or server except at his office.

    He has administrative rights only for his branch office, not for all branches.


    Kindly suggest how to configure this.
    Last edited by jigneshvaghasiya; 25th January 2010, 08:27.

  • #2
    Re: Active Directory rights Assignment

    Configure delegation on that Surat OU and add that IT person to manage the roles you would need him to do for that OU. To log in to the ADC, add him in the "logon locally" settings in the domain controller security policy, or create a new GPO, edit the local security policy, add the IT user in question in the logon locally tab, and link it to the ADC.



    • #3
      Re: Active Directory rights Assignment

      Hi Jinal,

      I have tried it. I created a new log on locally policy on the Surat OU for the Surat ADC,

      but the policy was not deployed.

      Kindly tell me if I have made any mistake.



      • #4
        Re: Active Directory rights Assignment

        Have you checked, by running RSOP, which settings have taken effect?

        You may need to change the priority of the applied GPO on the OU to highest. You can do it using the GPMC tool.

        Also, make sure that in the security tab of the GPO "Authenticated Users" has the read permission in order to apply the policy in the OU container.



        • #5
          Re: Active Directory rights Assignment

          Hi Jinal,

          I have installed the GPMC tool and tried to deploy the log on locally policy on the Surat OU, which contains my Surat ADC.

          On the Surat ADC, RSOP shows the log on locally policy is deployed, but the user who is assigned for local logon can't log on to the Surat ADC.

          Kindly suggest what the actual problem is?

          How do I set the highest priority for this policy?

          I have blocked inheritance and enforced the policy.
          Last edited by jigneshvaghasiya; 27th January 2010, 10:14.



          • #6
            Re: Active Directory rights Assignment

            Kindly suggest what the actual problem is?

            If the user is trying to log in through RDP from another PC to manage your ADC, then he must be added to "Allow log on through Terminal Services" under user rights assignment in the GPO. Issue a forced update, i.e. gpupdate /force, from the ADC and check if this helps.


            How do I set the highest priority for this policy?

            To change the precedence of a link, you can change the link order, moving each link up or down in the list to the appropriate location. The link with the higher order (with 1 being the highest order) has the higher precedence for a given site, domain, or organizational unit.

            In GPMC there is a tab, can't remember the exact name, where all the linked GPOs will show up. Just bring up the new GPO for which you configured the above two options and then force another gpupdate.

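A way to check the outcome discussed in this thread, as an added example that is not part of any poster's reply: it parses the `[Privilege Rights]` section of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export taken on the ADC and reports whether an account holds the local and Terminal Services logon rights, with the matching deny right taking precedence. The domain, account name and sample export are constructed, and the caller is assumed to pass the account plus every group name or SID it belongs to.

```python
# Added example: evaluate logon rights from a secedit USER_RIGHTS export.
# Real exports are usually UTF-16: open(path, encoding="utf-16").read()

# (allow right, deny right) for the two logon paths discussed in the thread.
LOGON_RIGHTS = {
    "local": ("SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
    "rdp": ("SeRemoteInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight"),
}

def parse_privilege_rights(inf_text):
    """Return {right_name: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        # SIDs are written as *S-1-...; names as DOMAIN\account. Compare lowercased.
        rights[name.strip()] = {
            m.strip().lstrip("*").lower() for m in value.split(",") if m.strip()
        }
    return rights

def logon_verdict(rights, identities):
    """identities: the account plus all group names/SIDs it is a member of."""
    ids = {i.lower() for i in identities}
    verdict = {}
    for kind, (allow, deny) in LOGON_RIGHTS.items():
        if rights.get(deny, set()) & ids:
            verdict[kind] = "denied"       # a deny right overrides any allow
        elif rights.get(allow, set()) & ids:
            verdict[kind] = "allowed"
        else:
            verdict[kind] = "not granted"
    return verdict

# Constructed sample export (not taken from a real server).
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,EXAMPLE\surat-it
SeRemoteInteractiveLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    print(logon_verdict(parse_privilege_rights(SAMPLE_INF), [r"EXAMPLE\surat-it"]))
```

With the constructed sample, the account is allowed to log on locally but has no Terminal Services logon right, which is the situation reply #6 describes for a user connecting over RDP.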