How to allow users to create groups and shares
- From: Ronnie <Ronnie@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 5 Mar 2009 01:30:06 -0800
Hi,
I started in a new company some time ago, and I'm now looking at the
policies etc. During this work I found that 10 users are members of the
administrators group in the domain. Now there's no way this is necessary so I
want to remove most of these users, but some of them will still need to be
able to administer a specific share on the file server. This includes
creating new shares within the existing share, and creating groups and
maintaining membership of these groups to grant access for only certain users
to the shares within the existing share.
Now my question is how can I best limit their rights to only do this? I've
been thinking about adding the users to the Account Operators group, but this
will give them permission to create, modify, and delete accounts for users,
groups, and computers in all containers and organizational units of Active
Directory except the Builtin container and the Domain Controllers OU. If
possible I'd like them to only be able to create and administer groups and
not create users and computers. I don't think this group will allow them to
create shares either, but can I achieve this by adding them to the Power
Users group?
If I can't achieve my goal with any of the built-in groups can I then create
a new group and grant this one the necessary permissions?
Thanks in advance,
Ronnie