Re: System Administrator access to domain controllers

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/27/04

• Next message: Miha Pihler: "Re: HELP!!! Unable to logon to Server 2000"
• Previous message: Dave W: "Re: HELP!!! Unable to logon to Server 2000"
• In reply to: Marc: "System Administrator access to domain controllers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 27 Sep 2004 18:59:26 GMT

Only domain admins can do what you want in Windows 2000 - change
configuration of tcp/ip and such. Windows 2003 has added the network
configuration operators group to allow non admins to change tcp/ip
configuration. There may be a workaround for changing the tcp/ip
configuration. I have not tried this myself but see the JSI tip in the link
below on how to use Scheduled Tasks to configure a task to run once. That
may work if it use netsh to change the tcp/ip configuration in a batch file.
Be sure to test it out if you want to consider it.. -- Steve

http://www.jsiinc.com/SUBG/TIP3000/rh3063.htm
http://www.winnetmag.com/Windows/Article/ArticleID/41111/41111.html --
netsh examples.

"Marc" <Marc@discussions.microsoft.com> wrote in message
news:A06A4D19-48D4-4329-BCC2-3319C011EDB6@microsoft.com...
>I can't seem to find this information anywhere and I'm hoping someone can
> help. Management of the active directory in my org is split between the
> physical maintenance of domain controllers and maintenance of the active
> directory. I am trying to figure out a way in which I can grant a group
> access to our DC's so they can maintain them. I have added them to server
> operator for local login but they are prohibited from doing certain things
> like changing server IP addresses etc. Are there any rights or groups
> other
> then domain admin or administrator I can add them to that would allow them
> to
> change configuration information on a DC? I'm especially concerned with
> IP
> addresses as we are moving DC's from an old data center to a new one.
> Thanks
> in advance,
> Marc

• Next message: Miha Pihler: "Re: HELP!!! Unable to logon to Server 2000"
• Previous message: Dave W: "Re: HELP!!! Unable to logon to Server 2000"
• In reply to: Marc: "System Administrator access to domain controllers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: can send but not receive ... This can be an issue with a firewall blocking traffic, or the TCP/IP stack could be corrupted (i.e. can't change tcpip configuration) ... 299357 How to Reset Internet Protocol (TCP/IP) in Windows XP ... >network status shows outbound is okay. ... (microsoft.public.win2000.networking) Re: AD - Computer Policy ... if you are not statically configuring tcp/ip then you can use a dhcp ... server/scope to assign tcp/ip configuration including dns servers. ... network assuming it uses dhcp. ... I set up an AD COMPUTER Policy in my domain to set the DNS servers in IP ... (microsoft.public.win2000.security) Re: Firewall Suggestions ... I find it hard to believe it is a TCP/IP issue if you are also being told to ... You might be better off with a a hardware device that has a bit more ... One firewall one configuration. ... (comp.security.firewalls) Re: Firewall Suggestions ... TCP/IP to communicate across the network regardless of which protocol you ... Hardware device written all over this one. ... One firewall one configuration. ... (comp.security.firewalls) Re: Companyweb ... On your external nic, TCP/IP should be the only item checked, then advanced, ... In ISA, Network Configuration, LAT, make sure that only the ... > DNS suffix: ... (microsoft.public.windows.server.sbs)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint