RE: Allow custom group access to Power User server console?
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Mon, 09 Apr 2007 11:14:47 GMT
Hi Ross,
Hi,
Thanks for updating.
I am sorry for the delay due to the weekend.
Here are the answers for your questions:
1. Can I put a user in this group, and then add additional security to this
user to prevent the user having RWW and OWA access?
Based on my research, there is no way to create the group you want. But you
can prevent users from having RWW and OWA access by doing the following:
1) Disable RWW:
a) Open ADU&C.
b) Go to MyBusiness/SBSUsers.
c) Open the user's properties.
d) Click the Member Of tab.
e) Remove "Remote Web Workplace Users".
f) Click OK.
2) Disable OWA:
a) Open ADU&C.
b) Go to MyBusiness/SBSUsers.
c) Open the user's properties.
d) Click Exchange Features.
f) Choose Outlook Web Access.
g) Click Disable and click OK.
2. Another alternative would be if there is a simple console (similar to
Power Users) that allows users of the Mail Operators group to manage
distribution groups. Is there any such console available?
Based on my research, the SBS server only has two consoles,
itprosbsconsole.msc and mysbsconsole.msc. Another way is to create a
Distribution Group managed by a specific user. Then log on to this user's
Outlook; he can manage new users in this group via Outlook.
3. Is there any detailed documentation about how the Management
Console operates within SBS? (It looks like an ASP.Net application) If
there is, maybe I can look at engineering a solution?
This problem is related to coding. Our newsgroup doesn't provide technical
support of this kind. Thanks for your understanding.
I hope the above info helps.
If you need further assistance, please don't hesitate to let me know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<From: =?Utf-8?B?Um9zcyBN?= <RossM@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Subject: RE: Allow custom group access to Power User server console?
<Date: Fri, 6 Apr 2007 03:02:03 -0700
<
<Thanks for the reply Robert - you have the issue correct!
<
<the first link you gave me (Filter using security groups) does not work.
<(Yes, I did copy both lines correctly to cope with the fact that it wrapped
<in the news reader window ;-) )
<
<If I can't allow other groups to run Power User console, can I put a user
<in this group, and then add additional security to this user to prevent the
<user having RWW and OWA access? In other words, can I set up some scheme
<where the additional security restrictions will over-ride the Power User
<privileges for a specific user?
<
<Another alternative would be if there is a simple console (similar to Power
<Users) that allows users of the Mail Operators group to manage distribution
<groups. Is there any such console available?
<
<Finally, is there any detailed documentation about how the Management
<Console operates within SBS? (It looks like an ASP.Net application) If there
<is, maybe I can look at engineering a solution?
<
<"Robert Li [MSFT]" wrote:
<
<> Hi Ross,
<>
<> Thanks for posting in our newsgroup.
<>
<> From your description, I know you want some security groups to run the
<> Power Users server management console without putting them in the Power
<> Users group? If I am off-base, please don't hesitate to let me know.
<>
<> Based on my research, there is no way to let other security groups run the
<> Power Users server management console, because to launch the Power Users
<> server management console, a Power User credential is needed. When an Admin
<> user logs on, Server Management console is launched from the Startup folder.
<> LaunchConsole.exe from the Startup folder launches either Server Management
<> or Server Management for Power Users console depending on the credentials
<> of the user.
<>
<> When an administrator logs on, Server Management is opened:
<> C:\Documents and Settings\All Users\Application Data\Microsoft\SmallBusinessServer\Administration\itprosbsconsole.msc.
<>
<> When a power user logs on, Server Management for Power Users is opened:
<> C:\Documents and Settings\All Users\Application Data\Microsoft\SmallBusinessServer\Administration\mysbsconsole.msc.
<>
<> The Server Management for Power Users console hides the server complexity
<> (Active Directory, IIS, Exchange, etc.), and provides a task-oriented
<> environment from which users can solve most of the issues that cause them
<> to log on to the server.
<> The Power user can only use the following items in Server Management
<> console: Users, Computer, Groups, Printer and Fax Printer, Internet Web
<> Sites, Shared Folders. When Power User adds a user, he can only use the
<> User Template and Mobile User Template.
<>
<> For more information, please refer to:
<> Filter using security groups
<> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/a2ae66ed-2bd0-47e3-9a77-6677af514b17.mspx
<>
<> Security filtering using GPMC
<> http://technet2.microsoft.com/WindowsServer/en/library/a2ae66ed-2bd0-47e3-9a77-6677af514b171033.mspx?mfr=true
<>
<> Hope above information helps.
<>
<> If you need further assistance, please don't hesitate to let me know.
<>
<>
<> Best regards,
<>
<> Robert Li(MSFT)
<>
<> Microsoft CSS Online Newsgroup Support
<>
<> Get Secure! - www.microsoft.com/security
<>
<> --------------------
<> <From: =?Utf-8?B?Um9zcyBN?= <RossM@xxxxxxxxxxxxxxxxxxxxxxxxx>
<> <Subject: Allow custom group access to Power User server console?
<> <Date: Thu, 5 Apr 2007 04:50:00 -0700
<> <
<> <Is there a way of allowing other security groups to run the Power Users
<> <server management console without putting them in the Power Users group?
<> <
<> <I want to provide the reverse security access behaviour of normal Power
<> <User group for some staff - i.e. I want to allow them to log into the
<> <console of server, but restrict them from gaining access via RWW or
<> <Terminal Server. The main functions are to check a program interface that
<> <runs on the server console, manage new (non admin) user accounts and to
<> <administer Exchange distribution groups & contacts.
<> <
<> <Preferably there would also be some way to restrict this "office
<> <administrator" from providing new users with RWW/OWA access.
<> <
<> <I have a few customers that want this functionality - local administration,
<> <but no unsupervised access from outside the office. The customers are
<> <concerned with potential for data theft, but want delegated admin for basic
<> <tasks.
<> <
<> <Also, is there any in-depth documentation that explains the interaction
<> <between all the default security groups & group policy settings? Trying to
<> <figure it out by "reverse engineering" is painful - I am sure it is
<> <documented somewhere - just hope it is available!
<> <
<> <Thanks for any advice.
<> <
<>
<>
<