Re: What are the user rights required in a domain to authorise DHCP?

---

• From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
• Date: Fri, 2 Nov 2007 07:14:41 -0500

---

Austin,
I am curious where you got this work around?

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:E108AED4-F6B5-47E7-BE30-3841DF93E183@xxxxxxxxxxxxxxxx

Hi Santosh,
I most certainly WOULD NOT give Enterprise Admins privileges to Authorize
DHCP servers as stated by the other posters.
If you want to delegate the right to Auth DHCP servers, the Security
principal needs the following privileges:
1. Create and Delete objects of the dHCPClass in the Netservices container
of the configuration partition, and
2. Read and Write access to permissions of the Netservices container and
it's child objects.

You can "dsacls" this on your DC by saving the following to a batch file
and run it on the DC:

dsacls.exe "CN=NetServices,CN=Services,CN=Configuration,dc=example,dc=com"
/I:S "EXAMPLE\DHCP AUTH GROUP:CCDC;dHCPClass"
dsacls.exe "CN=NetServices,CN=Services,CN=Configuration,dc=example,dc=com"
/I:S "EXAMPLE\DHCP AUTH GROUP:wprp"

The Enterprise Admin's privilege is Sooooooooo powerful that you should
NEVER delegate it for tasks.

Try the batch file in a test environment and let me know if you have any
problems.

Regards,

Austin




"Santosh K." <SantoshK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:58D535C0-FF5E-4CAA-B6FA-F23DB4444DC7@xxxxxxxxxxxxxxxx

Hello

Seeking suggestion from expertise...

What are the user rights required in a domain to authorise a DHCP
server?

any suggestion from experts will help me to address this query.

Thanks in advance
Santosh K.

.

---

• Follow-Ups:
  • Re: What are the user rights required in a domain to authorise DHCP?
    • From: Austin Osuide

• References:
  • Re: What are the user rights required in a domain to authorise DHCP?
    • From: Austin Osuide

• Prev by Date: Re: can't install security hotfix due to do not have permission
• Next by Date: Re: creating a splash screen at login
• Previous by thread: Re: What are the user rights required in a domain to authorise DHCP?
• Next by thread: Re: What are the user rights required in a domain to authorise DHCP?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: SEPKILL /im SMC.EXE /f ... ::Save the following as a batch file and execute it. ... can't reproduce on my test systems or requires administrator privileges ... (Bugtraq) Re: Calling a batch file from IE using asp and vbscript ... I don't know if I can explain the scheduled task process better without ... the batch file ... >> privileged user, change the application to run as windows authenticated ... >> IUSR_machineName to a group with enough privileges to execute the batch ... (microsoft.public.inetserver.asp.general) Re: What are the user rights required in a domain to authorise DHCP? ... I most certainly WOULD NOT give Enterprise Admins privileges to Authorize DHCP servers as stated by the other posters. ... The Enterprise Admin's privilege is Sooooooooo powerful that you should NEVER delegate it for tasks. ... (microsoft.public.windows.server.active_directory) RE: Priviledge escalation attack ... the context of the logged-on user. ... or unless the batch file executes a runas (which ... > I (who am logged in as Administrator) am having a network ... > created by user with normal access privileges called 'nbstat.bat' ... (Focus-Microsoft)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)