Announcement

Collapse
No announcement yet.

"Local Administrator" on DC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • "Local Administrator" on DC

    Any tips on giving a junior admin more or less admin permissions on a DC?

    They will need to e.g.
    Set up files and shares
    Backups
    View event logs etc.
    Log on remotely

    But not:
    Go into other servers outside their site
    Go into Domain level management unless delegated permissions

    I thought Server Administrators could do this, but testing so far seems to restrict them to member servers only. Domain is mixed 2K3 / 2K8 in 2003 Native Mode. Note server operators can log on to the DC and work with files and folders but changing security permissions, for example, is not permitted without elevation to an "administrator"

    Any bright ideas?
    Last edited by Ossian; 29th June 2008, 13:02.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: "Local Administrator" on DC

    Eventviewers can be done by GPO.
    Others via Delegation of control and backup operator?

    I don't know what you mean with Logon remotely.. to what?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: "Local Administrator" on DC

      Sorry -- log on remotely to the DC in question....
      Sorted that by modifying the local security policy, but I'm still stumped on how I can delegate the right to change permissions
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: "Local Administrator" on DC

        Change of NTFS permissions can't really be done, unless you add a group to the folders and give them full control permissions.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: "Local Administrator" on DC

          Damn, I'm getting senile... I spend so much time removing "full control" that I forgot I can put it back!
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: "Local Administrator" on DC

            This will cost you a
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X