Re: Delegated permission to add computers

From: Jeff (jeffpoling_at_yahoo.com)
Date: 01/10/05


Date: Mon, 10 Jan 2005 15:08:45 -0600

Let me see if I can do a better job of describing what I am doing:

1. Delegated permissions on the Computers container to a specific global
group using the wizard

2. A user who is a member of the above group was unable to add a computer
to the domain. He gets an "Access Denied" error message.

3. I went to the security tab of the Computers container and verified the
permissions:

GroupName Create/Delete Computer Objects

4. I then added the following permission for computer objects in the
Computers container:

GroupName Full Control

5. The user still gets "Access Denied" when attempting to add a computer to
the domain.

Let me know if any more information is needed to clarify my situation.

Thanks,

Jeff

"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:umlL5a19EHA.1084@TK2MSFTNGP15.phx.gbl...
> Hmmm...
>
> I can't visualise what's happening : (
>
> So you've created a group, added some users, and delegated the permissions to
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Jeff" <jeffpoling@yahoo.com> wrote in message
> news:OrY1lT19EHA.2012@TK2MSFTNGP15.phx.gbl...
> Even after giving the group Full Control of Computer objects on the
> Computers container, I get an access denied message when I try to add the
> computer to the domain.
>
> Any additional ideas?
>
> Thanks,
>
> Jeff
>
>
> "ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message
> news:EDB58635-9F76-4A47-9012-DAD5A2C31C1B@microsoft.com...
>> What permissions have you set, and with what scope?
>>
>> I'd say you want this:
>>
>> Allow - groupName - Create/ Delete Computer Objects - This object and all
>> child objects
>> Allow - groupName - Full Control - Computer Objects
>>
>> You can also delegate this using the wizard; you just need to add computer
>> objects as a custom delegation task.
>>
>> There's also a property on the domain that allows any user to join up to 10
>> machines to the domain. You might want to change this. Search Google for
>> ms-DS-MachineAccountQuota. This is the property that controls this.
>>
>> --
>>
>> Paul Williams
>>
>> http://www.msresource.net/
>> http://forums.msresource.net/
>>
>>
>> "Jeff" wrote:
>>
>>> I created a group in AD and delegated permission for that group to add
>>> computers to the default computer container. For some reason when a user in
>>> the group attempts to add a PC to the domain (via My Computer | Properties),
>>> it returns an access denied error. What can I do to troubleshoot this?
>>> Everything looks correct in AD? Am I missing a permission somewhere?
>>>
>>> Thanks,
>>>
>>> Jeff
>>>
>>>
>>>
>
>
>
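
One way to inspect the two settings discussed in this thread, the delegated ACEs on the Computers container (with the scope each one applies to) and the domain's ms-DS-MachineAccountQuota value. This is an added example, not code from any poster in the thread; it assumes the RSAT ActiveDirectory PowerShell module is available, and 'EXAMPLE\GroupName' is a placeholder for the delegated group.

```powershell
# Added example: assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$group         = 'EXAMPLE\GroupName'   # placeholder: DOMAIN\name of the delegated group
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the computer class

$domain    = Get-ADDomain
$container = $domain.ComputersContainer   # default container, normally CN=Computers,<domain DN>

# Map the computer class GUID to a readable label; leave other GUIDs as they are.
function Format-ClassGuid([guid]$Guid) {
    if ($Guid -eq $computerClass) { 'computer' }
    elseif ($Guid -eq [guid]::Empty) { '(any)' }
    else { $Guid.ToString() }
}

# List every ACE granted to the group on the container.
# ChildClass      = class the Create/Delete Child right is limited to (ObjectType)
# AppliesToClass  = class of descendant object the ACE is inherited by (InheritedObjectType)
# InheritanceType = None (this object only), All, Descendents, ...
(Get-Acl -Path "AD:\$container").Access |
    Where-Object { $_.IdentityReference.Value -eq $group } |
    Select-Object AccessControlType, ActiveDirectoryRights, InheritanceType,
        @{ Name = 'ChildClass';     Expression = { Format-ClassGuid $_.ObjectType } },
        @{ Name = 'AppliesToClass'; Expression = { Format-ClassGuid $_.InheritedObjectType } },
        IsInherited |
    Format-Table -AutoSize

# Read the per-user machine account quota from the domain object.
$quota = (Get-ADObject -Identity $domain.DistinguishedName `
    -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"ms-DS-MachineAccountQuota = $quota"
```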


