Re: How to give permissions
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Wed, 27 Jul 2005 19:06:45 +0200
Hi,
For adding computers to domain, you can give specific users permission "add
workstations to the domain". Best thing to do would be to create a group
called e.g. "Permissions to add workstations to the domain". Now give this
group "add workstations to the domain" permissions on Default Domain
Controller policy.
For resetting accounts and passwords delegate these permissions to another
(or same) group. In Active Directory Users and Computers right click level
where you want to delegate these permissions (e.g. domain or OU (personally
I would go with OU)) and select Delegate Control and follow the wizard.
Delegate policy-related permissions on a domain, OU, or site using GPMC
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8efacdf7-9700-4395-9d2a-9e848b1737ee.mspx
--
Mike
Microsoft MVP - Windows Security
"Raji A" <rajia@xxxxxxxxxxxxxxxxxxx> wrote in message
news:OtFZTsmkFHA.3960@xxxxxxxxxxxxxxxxxxxxxxx
> Hi
>
> i want to give permissions for a user group - in this case our helpdesk
> people, to add add workstations to the domain, reset accounts and
> passwords, setup printers, etc.
> Can they use the RUNAS command to use this account, rather than use a full
> log in.
>
> Any pointers and what is required.
>
> RajiA
>
>
.
- References:
- How to give permissions
- From: Raji A
- How to give permissions
- Prev by Date: WINDOWS SERVER 2003 ENTERPRISE and DOMAIN VANISHES
- Next by Date: Re: Windows 2003 Server (w2k3) issues after installing Service Pac
- Previous by thread: How to give permissions
- Next by thread: 1030 & 1058 logged in application log
- Index(es):
Relevant Pages
|
