Re: What are the user rights required in a domain to authorise DHCP?
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Nov 2007 09:01:36 -0500
When I stated work around I was referring to whether or not there was a KB
article associated with it, just semantics I guess.
I missed following up on Henrik's post.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:7A09BD5E-BBB2-4D74-ADF8-7EA6A3A8EBF6@xxxxxxxxxxxxxxxx
Hi Paul,
It's not a work around. It's more or less the direct translation of the KB
Henrick posted.
I wish I knew about the KB before I had to go looking for exactly what was
required to delegate this right about 2yrs ago now..
But that's what it is.. A derivative of the incredulity generated when
asked to delegate EA rights.
Regards,
Austin
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uJD9ynUHIHA.3600@xxxxxxxxxxxxxxxxxxxxxxx
Austin,
I am curious where you got this work around?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:E108AED4-F6B5-47E7-BE30-3841DF93E183@xxxxxxxxxxxxxxxx
Hi Santosh,
I most certainly WOULD NOT give Enterprise Admins privileges to
Authorize DHCP servers as stated by the other posters.
If you want to delegate the right to Auth DHCP servers, the Security
principal needs the following privileges:
1. Create and Delete objects of the dHCPClass in the Netservices
container of the configuration partition, and
2. Read and Write access to permissions of the Netservices container and
it's child objects.
You can "dsacls" this on your DC by saving the following to a batch file
and run it on the DC:
dsacls.exe
"CN=NetServices,CN=Services,CN=Configuration,dc=example,dc=com" /I:S
"EXAMPLE\DHCP AUTH GROUP:CCDC;dHCPClass"
dsacls.exe
"CN=NetServices,CN=Services,CN=Configuration,dc=example,dc=com" /I:S
"EXAMPLE\DHCP AUTH GROUP:wprp"
The Enterprise Admin's privilege is Sooooooooo powerful that you should
NEVER delegate it for tasks.
Try the batch file in a test environment and let me know if you have any
problems.
Regards,
Austin
"Santosh K." <SantoshK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:58D535C0-FF5E-4CAA-B6FA-F23DB4444DC7@xxxxxxxxxxxxxxxx
Hello
Seeking suggestion from expertise...
What are the user rights required in a domain to authorise a DHCP
server?
any suggestion from experts will help me to address this query.
Thanks in advance
Santosh K.
.
- Follow-Ups:
- Re: What are the user rights required in a domain to authorise D
- From: Santosh K.
- Re: What are the user rights required in a domain to authorise D
- References:
- Re: What are the user rights required in a domain to authorise DHCP?
- From: Austin Osuide
- Re: What are the user rights required in a domain to authorise DHCP?
- From: Paul Bergson [MVP-DS]
- Re: What are the user rights required in a domain to authorise DHCP?
- From: Austin Osuide
- Re: What are the user rights required in a domain to authorise DHCP?
- Prev by Date: Re: Home Folder Issues?
- Next by Date: Re: GC question....
- Previous by thread: Re: What are the user rights required in a domain to authorise DHCP?
- Next by thread: Re: What are the user rights required in a domain to authorise D
- Index(es):
Relevant Pages
|
