RE: Allow custom group access to Power User server console?
- From: Ross M <RossM@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Apr 2007 03:02:03 -0700
Thanks for the reply Robert - you have the issue correct!
the first link you gave me (Filter using security groups) does not work.
(Yes, I did copy both lines correctly to cope with the fact that it wrapped
in the news reader window ;-) )
If I can't allow other fgroups to run Power User console, can I put a user
in this group, and then add additional security to this user to prevent the
user having RWW and OWA access? In other words, can I set up some scheme
where the additional security restrictions will over-ride the Power User
privileges for a specific user?
Another alternative would be if there is a simple console (similar to Power
Users) that allows users of the Mail Operators group to manage distribution
groups. Is there any such console available?
Finally, is there any detailed documentation about how the Management
Console operates within SBS? (It looks like an ASP.Net application) If there
is, maybe I can look at engineering a solution?
"Robert Li [MSFT]" wrote:
Hi Ross,.
Thanks for posting in our newsgroup.
From your description, I know you want some security groups to run the
Power Users server management console without putting them in the Power
Users group? If I am off-base, please don't hesitate to let me know.
Based on my research, there is no way to let other security group run the
Power Users server management console, because to launch Power Users server
management console, Power User credential is needed. When an Admin user
logs on, Server Management console is launched from the Startup folder.
LaunchConsole.exe from the Startup folder launches either Server Management
or Server Management for Power Users console depending on the credentials
of the user.
When administrator logons, Server Management is open: C:\Documents and
Settings\All Users\Application
Data\Microsoft\SmallBusinessServer\Administration\itprosbsconsole.msc.
When power user logons, Server Management for Power Users is open:
C:\Documents and Settings\All Users\Application
Data\Microsoft\SmallBusinessServer\Administration\mysbsconsole.msc.
The Server Management for Power Users console hides the server complexity
(Active Directory, IIS, Exchange, etc.), and provides a task-oriented
environment from which users can solve most of the issues that cause them
to log on to the server.
The Power user can only use the following items in Server Management
console: Users, Computer, Groups, Printer and Fax Printer, Internet Web
Sites, Shared Folders. When Power User adds a user, he can only use the
User Template and Mobile User Template.
For more information, please refer to:
Filter using security groups
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
rHelp/a2ae66ed-2bd0-47e3-9a77-6677af514b17.mspx
Security filtering using GPMC
http://technet2.microsoft.com/WindowsServer/en/library/a2ae66ed-2bd0-47e3-9a
77-6677af514b171033.mspx?mfr=true
Hope above information helps.
If you need further assistance, please don't hesitate to let me know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<Thread-Topic: Allow custom group access to Power User server console?
<thread-index: Acd3eIqN1wo05UdQRduYpsnT4NRHgg==
<X-WBNR-Posting-Host: 220.233.30.178
<From: =?Utf-8?B?Um9zcyBN?= <RossM@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Subject: Allow custom group access to Power User server console?
<Date: Thu, 5 Apr 2007 04:50:00 -0700
<Lines: 24
<Message-ID: <AB34697B-685A-4DBE-8D29-2E04C857362D@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:27933
<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Is there a way of allowing other security groups to run the Power Users
server
<management console without putting them in te Power Users group?
<
<I want to provide the reverse security access behaviour of normal Power
<User group for some staff - i.e. I want to allow them to log into the
<console of server, but restrict them from gaining access via RWW or
Terminal
<Server. The main functions are to check a program interface that runs on
the
<server console, manage new (non admin) user acounts and to administer
<Exchange distribution groups & contacts.
<
<Preferably there would also be some way to restrict this "office
<administrator" from providing new users with RWW/OWA access.
<
<I have a few customers that want this functionality - local
administration,
<but no unsupervised access from outside the office. The customers are
<concerned with potential for data theft, but want delegated admin for
basic
<tasks.
<
<Also, is there any in-depth documetnation that explains the interaction
<between all the default security groups & group policy settings? Trying to
<figure it out by "reverese engineering" is painful - I am sure it is
<documetned somewhere - just hope it is available!
<
<Thanks for any advice.
<
- Follow-Ups:
- RE: Allow custom group access to Power User server console?
- From: Robert Li [MSFT]
- RE: Allow custom group access to Power User server console?
- References:
- RE: Allow custom group access to Power User server console?
- From: Robert Li [MSFT]
- RE: Allow custom group access to Power User server console?
- Prev by Date: RE: Error at logon
- Next by Date: Re: DHCP - Router or Server 2003RC
- Previous by thread: RE: Allow custom group access to Power User server console?
- Next by thread: RE: Allow custom group access to Power User server console?
- Index(es):
Relevant Pages
|
Loading
