Role Based Access Control/Privileged accounts


  • Role Based Access Control/Privileged accounts

    Hi,

    I'm trying to set up a system of role-based administration/access control by delegating administrative rights, to varying degrees, to different groups in AD.

    So I could have, say, a helpdesk group, a desktop support group, a server support group, etc.

    When you delegate control to a group it seems you either have a short list of generic admin rights you can delegate or you need to delegate specific ldap rights (or combinations of rights) to a group.

    Does anyone know where there is a good guide which clearly explains which ldap rights (or combination of rights) are required to perform administrative tasks?

    Thanks

    Simon

  • #2
    Re: Role Based Access Control/Privileged accounts

    You could use the Delegation of Control Wizard and choose any of the common tasks to delegate.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR


    • #3
      Re: Role Based Access Control/Privileged accounts

      Thanks, but I already know the "common tasks" that are available.

      What about "uncommon" tasks?

      I'd like to get a lot more granular than just the handful of options that are displayed as common tasks.


      • #4
        Re: Role Based Access Control/Privileged accounts

        Never mind.

        I found a template on the TechNet website that you copy into the delegwiz.inf file on the domain controller, and it adds 58 additional tasks to the Delegation of Control Wizard, on top of the 12 "common" tasks that are there to begin with.

        This will give me most of what I need. The rest I can sort out using security groups, group policy, etc.

        I'd post the link, but I'm unable to post URLs because I've made less than 5 posts.

        Cheers.


        • #5
          Re: Role Based Access Control/Privileged accounts

          If you would care to post the URL but break it up into chunks, it would be very helpful...
          Or make one more post and then you can do it.
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **


          • #6
            Re: Role Based Access Control/Privileged accounts

            Cola123, I am quite curious as to what you did, as well as the link that you have to share. I am looking at doing the same thing at the moment, and have pretty much the same questions.


            • #7
              Re: Role Based Access Control/Privileged accounts

              technet.microsoft.com/en-us/library/cc772784(WS.10).aspx

              Hopefully this will post. Just add the http etc. at the start.


              I copied the data on this page into the delegwiz.inf file on the domain controller.

              It gave me 58 additional delegation options beyond the original 12 that were there.

              It allows you to get a lot more granular with delegation of rights, more so than the 12 standard options. So now if you want people to be able to create accounts or groups but not delete them, etc., you can do so. With the standard delegation options, this would not be possible.


              I think using this template, plus a combination of group policies and use of a couple of the built-in groups like DNS administrators and DHCP administrators, I should be able to create the system of role-based administration that I want for the network.

              If I find anything else useful I will post again. Hope this helps.
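              One way to verify what a wizard task (from the default 12 or the extended template) actually granted on an OU, as an added example that is not from this thread or from Microsoft's template: it reads the OU's ACL through the ActiveDirectory module's AD: drive and lists which trustees hold CreateChild or DeleteChild over user and group objects, so a "create but not delete" delegation can be confirmed rather than assumed. The OU distinguished name is a placeholder; the schemaIDGUID values are the well-known ones for the user, group and computer classes.

```powershell
# Added example: audit CreateChild/DeleteChild delegation on one OU.
# Requires the RSAT ActiveDirectory module (it provides the AD: drive).
Import-Module ActiveDirectory

# Placeholder OU; replace with the OU you delegated control over.
$ouDn = 'OU=Helpdesk Managed,DC=example,DC=com'

# Well-known schemaIDGUIDs of the object classes the wizard tasks target.
# An all-zero ObjectType means the ACE applies to every child class.
$classByGuid = @{
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
    'bf967a9c-0de6-11d0-a285-00aa003049e2' = 'group'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer'
    '00000000-0000-0000-0000-000000000000' = 'any object class'
}

$createDelete = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'

$acl = Get-Acl -Path "AD:\$ouDn"

$acl.Access |
    Where-Object {
        # Keep only ACEs that create or delete child objects, and skip
        # inherited ones so the output shows what was delegated here.
        ([int]($_.ActiveDirectoryRights -band $createDelete)) -ne 0 -and
        -not $_.IsInherited
    } |
    ForEach-Object {
        $guid = $_.ObjectType.ToString()
        [pscustomobject]@{
            Trustee  = $_.IdentityReference.Value
            Type     = $_.AccessControlType               # Allow or Deny
            Rights   = ($_.ActiveDirectoryRights -band $createDelete)
            Class    = if ($classByGuid.ContainsKey($guid)) { $classByGuid[$guid] } else { $guid }
            Inherits = $_.InheritanceType
        }
    } |
    Sort-Object Trustee, Class |
    Format-Table -AutoSize
```

              A row showing both rights against "any object class" is broader than any of the named wizard tasks and is the kind of entry worth reviewing before treating the delegation as least-privilege.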
