Re: What are the user rights required in a domain to authorise DHCP?
- From: "Austin Osuide" <austin@xxxxxxxxxxx>
- Date: Fri, 2 Nov 2007 12:41:08 -0000
Hi Paul,
It's not a work around. It's more or less the direct translation of the KB Henrick posted.
I wish I knew about the KB before I had to go looking for exactly what was required to delegate this right about 2yrs ago now..
But that's what it is.. A derivative of the incredulity generated when asked to delegate EA rights.
Regards,
Austin
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message news:uJD9ynUHIHA.3600@xxxxxxxxxxxxxxxxxxxxxxx
Austin,
I am curious where you got this work around?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message news:E108AED4-F6B5-47E7-BE30-3841DF93E183@xxxxxxxxxxxxxxxxHi Santosh,
I most certainly WOULD NOT give Enterprise Admins privileges to Authorize DHCP servers as stated by the other posters.
If you want to delegate the right to Auth DHCP servers, the Security principal needs the following privileges:
1. Create and Delete objects of the dHCPClass in the Netservices container of the configuration partition, and
2. Read and Write access to permissions of the Netservices container and it's child objects.
You can "dsacls" this on your DC by saving the following to a batch file and run it on the DC:
dsacls.exe "CN=NetServices,CN=Services,CN=Configuration,dc=example,dc=com" /I:S "EXAMPLE\DHCP AUTH GROUP:CCDC;dHCPClass"
dsacls.exe "CN=NetServices,CN=Services,CN=Configuration,dc=example,dc=com" /I:S "EXAMPLE\DHCP AUTH GROUP:wprp"
The Enterprise Admin's privilege is Sooooooooo powerful that you should NEVER delegate it for tasks.
Try the batch file in a test environment and let me know if you have any problems.
Regards,
Austin
"Santosh K." <SantoshK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:58D535C0-FF5E-4CAA-B6FA-F23DB4444DC7@xxxxxxxxxxxxxxxxHello
Seeking suggestion from expertise...
What are the user rights required in a domain to authorise a DHCP server?
any suggestion from experts will help me to address this query.
Thanks in advance
Santosh K.
.
- Follow-Ups:
- Re: What are the user rights required in a domain to authorise DHCP?
- From: Paul Bergson [MVP-DS]
- Re: What are the user rights required in a domain to authorise DHCP?
- References:
- Re: What are the user rights required in a domain to authorise DHCP?
- From: Austin Osuide
- Re: What are the user rights required in a domain to authorise DHCP?
- From: Paul Bergson [MVP-DS]
- Re: What are the user rights required in a domain to authorise DHCP?
- Prev by Date: Re: Home Folder Issues?
- Next by Date: GC question....
- Previous by thread: Re: What are the user rights required in a domain to authorise DHCP?
- Next by thread: Re: What are the user rights required in a domain to authorise DHCP?
- Index(es):
