Re: sbs user permissions



Charles, thanks for the reply. I am not understanding your statement on
security holes. That is precisely the reason why I do not want to give her
permission on mine and my boss's mailbox & AD account. What would happen if
I set deny permissions on my account for just her user account?

Also, why would she need Domain Admin privileges? Why not just
Administrators privileges?

TIA!

"Charles Yang [MSFT]" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:d%23qJ1UMkFHA.3120@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> Welcome to our SBS newsgroup.
>
> I am sorry for the delayed response due to the weekend. Please understand that
> the newsgroups are staffed weekdays by Microsoft Support professionals to
> answer your systems and applications questions. Your understanding is
> greatly appreciated!
>
> Issue description:
>
> I understand that you want to customize one SBS user's permission to give
> her some special permission.
>
> Analyzing and suggestions:
>
> By default, we can use delegate control to give a user special permissions.
> After checking your requirement, it might be difficult to delegate such
> kinds of permission to a special user. As the permission you required for
> that user is a full Domain Admin permission, by default if you applied
> this kind of permission to that user, the user will have the right to
> change the password of any user.
>
> We cannot set a limitation to only allow the user to change part of the
> users' permissions in a special group. So it might be impossible to achieve
> your goal. As this might be a security hole, if such a user can be created,
> a hacker can use this kind of user to change other admins' passwords, and
> then they can use it to steal the passwords of you and your boss.
>
> However you can refer to the steps below to see the permission we can
> delegate to SBS users.
>
> 1. Navigate to ADUC in Server Management, then navigate to the OU where
> the user exists.
> 2. Right click the OU, choose delegate control.
> 3. Follow the wizard to delegate the permission to the special user.
>
> You can refer to the article below to see which kinds of permission you
> can delegate to the users:
>
> Delegate control Wizard on SBS 2003 server:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/activedirectory/stepbystep/ctrlwiz.mspx
>
> I appreciate your understanding. If you have any further concerns, please
> feel free to let me know. I will be here waiting for your updates.
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
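
Added example, not part of the original thread or of Microsoft's reply: a command-line counterpart to the Delegation of Control wizard steps quoted above, using `dsacls` to delegate password reset on one OU and then list which ACEs name the delegated account. The OU, account and domain names are hypothetical placeholders, and the accounts to be kept out of reach are assumed to live in a different OU.

```powershell
# Added example. All names below are hypothetical placeholders.
$UsersOU   = 'OU=Staff,DC=example,DC=local'      # OU holding the accounts she may manage
$Delegate  = 'EXAMPLE\office.manager'            # the delegated user
$Protected = @(                                  # accounts that must stay out of her reach
    'CN=Owner,OU=Management,DC=example,DC=local',
    'CN=IT Admin,OU=Management,DC=example,DC=local'
)

function Grant-PasswordReset {
    param([string]$OU, [string]$Trustee)
    # /I:S = ACEs apply to child objects only, not to the OU itself
    # CA   = control access right, WP = write property
    # The trailing ";user" limits each ACE to user objects.
    & dsacls.exe $OU /I:S /G `
        "${Trustee}:CA;Reset Password;user" `
        "${Trustee}:WP;pwdLastSet;user"
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed on $OU" }
}

function Get-TrusteeAces {
    param([string]$DN, [string]$Trustee)
    # dsacls given only a DN prints that object's ACL; keep lines naming the trustee.
    & dsacls.exe $DN | Select-String -SimpleMatch $Trustee
}

Grant-PasswordReset -OU $UsersOU -Trustee $Delegate

# Check 1: the delegation exists where it was intended.
Get-TrusteeAces -DN $UsersOU -Trustee $Delegate

# Check 2: no ACE names her on the accounts kept in the separate OU.
# This does not reveal rights she holds through group membership.
foreach ($dn in $Protected) {
    $hits = Get-TrusteeAces -DN $dn -Trustee $Delegate
    if ($hits) { Write-Warning "$Delegate has ACEs on ${dn}:"; $hits }
    else       { "$dn : no ACE for $Delegate" }
}
```

The scoping holds only while the delegated account stays out of Domain Admins and similar built-in groups, because a member of those groups can rewrite the ACLs, including a deny entry set for a single user.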

