G
Guest
Hi there,
Im currently trying to clean up security for our helpdesk users (all domain
admins ouch!). They need to maintain the ability to grant users access to
shares on fileservers and the only way I can see to do this is either make
them members of the local admins or server operators group. Unfortunately
some of the fileservers are DCs as well so they then need to be members of
the BUILTIN admin or server operators groups (which I'd prefer not to do).
Can anyone think of another way that I can grant the ability to manage
shares (and printers) without resorting to the local or builtin groups? I
read an article which talks about using TweakUI to modify registry
permissions however this only works on XP & Windows 2003, we still have
mostly W2k servers...
Thanks in advance
Anthony
Im currently trying to clean up security for our helpdesk users (all domain
admins ouch!). They need to maintain the ability to grant users access to
shares on fileservers and the only way I can see to do this is either make
them members of the local admins or server operators group. Unfortunately
some of the fileservers are DCs as well so they then need to be members of
the BUILTIN admin or server operators groups (which I'd prefer not to do).
Can anyone think of another way that I can grant the ability to manage
shares (and printers) without resorting to the local or builtin groups? I
read an article which talks about using TweakUI to modify registry
permissions however this only works on XP & Windows 2003, we still have
mostly W2k servers...
Thanks in advance
Anthony