No announcement yet.

Dns user rigts

  • Filter
  • Time
  • Show
Clear All
new posts

  • Dns user rigts

    I have set up a 2008 r2 standalone server to run microsoft DNS.
    Have also made a web config page that reads and writes to the dns server when authenticating as built in administrator account.
    For security reasons I would like to change this to another account then admin but I cant find out what types of rights I need.

    I have made a dnsadmin account and put it in the local administrators group, but when I try to access the nds from the remote website I get access denied.
    Added the dnsadmin to remote desktop access thinking logonlocallly was needed, same result acces denied.

    Running out of options.

    (Please answer the question at hand, there is a reason for the server not to be a part of a domain and set up like it is, so answers telling me to change the config does not help me)

  • #2
    Re: Dns user rigts

    I think a bit more info about how it works OK now would help, here. To recap:
    *-The DNS is on a stand-alone server; no domain, no AD-integration
    Q: what's it hosting, how are updates configured?
    *-The remote web page is on another server, member status unknown here
    Q: what authority/security is set for the virtual directory?
    *-Using local admin credentials (on web server?, on DNS server?), writes to the DNS from the web page are successful.
    Q: are these writes to the DNS itself, or merely files on the same server?

    As long as both servers are not domain-joined, the Security Accounts Manager (SAM) lookup is local to each server. So the member \\DNS\Admin has no authority on \\Web, just like \\Web\Admin has no authority on \\DNS. So it's not obvious (to me, anyway) how the process you describe is working as things stand.

    Can you provide any more info?
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **