granting access...

[BOB]

Greetings,

I am working on delegation of control over different
aspects of our win2000 native-mode Active Directory
network. What I need now is delegate access to DNS (non-
AD integrated), DHCP and WINS to individual technicians
without granting them access to other resources on the
domain.

Any ideas?

I've used the delegation of control wizard and individual
ACLs to grant control over a specific departmental OU to a
specific technician. I would like to have each
departmental technician able to fully access DNS, DHCP and
WINS, but not expand the scope of their control past their
departmental OU.

Thanks for the help.
Bob

..

 

[Michael Johnston [MSFT]]

Within DNS, you can grant access to specific zones or all zones on the DNS server. Adding a user to the DNSAdmins group will give them admin access to
DNS services on all DNS servers in the domain. The other option would be to grant permissions for a user account to a specific zone. This would allow them
to add or change the properties of the zone. This only applies if the zone is AD integrated. DHCP on the other had has only the DHCP Admins group. This
grants admin privileges to DHCP services on all DHCP servers in the specific domain. Lastly, WINS has the WINS users group. This provides read-only
access to the WINS server's properties. There isn't a way to grant or delegate out WINS administration.

Thank you,
Mike Johnston
Microsoft Network Support


--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.