RE: Allow custom group access to Power User server console?
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Fri, 06 Apr 2007 09:16:26 GMT
Hi Ross,
Thanks for posting in our newsgroup.
From your description, I know you want some security groups to run thePower Users server management console without putting them in the Power
Users group? If I am off-base, please don't hesitate to let me know.
Based on my research, there is no way to let other security group run the
Power Users server management console, because to launch Power Users server
management console, Power User credential is needed. When an Admin user
logs on, Server Management console is launched from the Startup folder.
LaunchConsole.exe from the Startup folder launches either Server Management
or Server Management for Power Users console depending on the credentials
of the user.
When administrator logons, Server Management is open: C:\Documents and
Settings\All Users\Application
Data\Microsoft\SmallBusinessServer\Administration\itprosbsconsole.msc.
When power user logons, Server Management for Power Users is open:
C:\Documents and Settings\All Users\Application
Data\Microsoft\SmallBusinessServer\Administration\mysbsconsole.msc.
The Server Management for Power Users console hides the server complexity
(Active Directory, IIS, Exchange, etc.), and provides a task-oriented
environment from which users can solve most of the issues that cause them
to log on to the server.
The Power user can only use the following items in Server Management
console: Users, Computer, Groups, Printer and Fax Printer, Internet Web
Sites, Shared Folders. When Power User adds a user, he can only use the
User Template and Mobile User Template.
For more information, please refer to:
Filter using security groups
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
rHelp/a2ae66ed-2bd0-47e3-9a77-6677af514b17.mspx
Security filtering using GPMC
http://technet2.microsoft.com/WindowsServer/en/library/a2ae66ed-2bd0-47e3-9a
77-6677af514b171033.mspx?mfr=true
Hope above information helps.
If you need further assistance, please don't hesitate to let me know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<Thread-Topic: Allow custom group access to Power User server console?
<thread-index: Acd3eIqN1wo05UdQRduYpsnT4NRHgg==
<X-WBNR-Posting-Host: 220.233.30.178
<From: =?Utf-8?B?Um9zcyBN?= <RossM@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Subject: Allow custom group access to Power User server console?
<Date: Thu, 5 Apr 2007 04:50:00 -0700
<Lines: 24
<Message-ID: <AB34697B-685A-4DBE-8D29-2E04C857362D@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:27933
<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Is there a way of allowing other security groups to run the Power Users
server
<management console without putting them in te Power Users group?
<
<I want to provide the reverse security access behaviour of normal Power
<User group for some staff - i.e. I want to allow them to log into the
<console of server, but restrict them from gaining access via RWW or
Terminal
<Server. The main functions are to check a program interface that runs on
the
<server console, manage new (non admin) user acounts and to administer
<Exchange distribution groups & contacts.
<
<Preferably there would also be some way to restrict this "office
<administrator" from providing new users with RWW/OWA access.
<
<I have a few customers that want this functionality - local
administration,
<but no unsupervised access from outside the office. The customers are
<concerned with potential for data theft, but want delegated admin for
basic
<tasks.
<
<Also, is there any in-depth documetnation that explains the interaction
<between all the default security groups & group policy settings? Trying to
<figure it out by "reverese engineering" is painful - I am sure it is
<documetned somewhere - just hope it is available!
<
<Thanks for any advice.
<
.
- Follow-Ups:
- Prev by Date: Re: SSL Certificates for use with Nokia E61, OWA, RWW...
- Next by Date: Re: limit "out of office" response
- Previous by thread: RE: Need comprehensive ISA Reporting
- Next by thread: RE: Allow custom group access to Power User server console?
- Index(es):
Relevant Pages
|
