Re: delegate admin rights to an user in an OU
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Mon, 20 Nov 2006 15:57:16 -0500
No and you don't want them administrating the DC. If they have that level of rights they can actually take away YOUR rights. It is a few relatively simple steps to escalate from local rights to Enterprise Admin level.
In general you also don't want to use DCs for file and print, lots of nice security holes available there.
The only things in your list I would delegate would be the user stuff and the computer stuff.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Tomppa wrote:
Is it possible to give an user in a branch office so much rights with delegate control and group policies, so he could administrate their DC without help from the domainadmin?.
the local admin should be able to:
- install programs that need local admin rights
- take backup
- share files
- create and share printers
- add computers to domain
- create users, reset password for other users in his OU
Is this possible with a reasonable amount of work?
Tomppa
- Follow-Ups:
- Re: delegate admin rights to an user in an OU
- From: Tomppa
- Re: delegate admin rights to an user in an OU
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: delegate admin rights to an user in an OU
- References:
- delegate admin rights to an user in an OU
- From: Tomppa
- delegate admin rights to an user in an OU
- Prev by Date: Re: Query for Office Version
- Next by Date: Re: Managing ID in Vista
- Previous by thread: Re: delegate admin rights to an user in an OU
- Next by thread: Re: delegate admin rights to an user in an OU
- Index(es):
Relevant Pages
|
Loading
