Re: Split AD and Server Administration
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 08/18/05
- Previous message: Steven L Umbach: "Re: client authentication"
- In reply to: Onion: "Split AD and Server Administration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Aug 2005 00:43:08 -0500
If you do not need them to do all that on domain controllers then you can
make them local administrators on the computers/servers you want them to
manage and delegate them the permissions to add/remove computers as Roger
stated. However you will not be able to have them do all you describe on
domain controllers without being in the administrators group for the domain,
particularly change network settings and install applications. --- Steve
"Onion" <Onion@discussions.microsoft.com> wrote in message
news:D4F5D073-98D0-40C9-921C-23F1027B586B@microsoft.com...
>A year and a half ago we split support of Active Directory from the support
> of Windows Servers. At the current time we want to remove the Windows
> Server
> Team from Domain Admins and Administrators groups on the domain
> controllers.
> The Windows Server Team (WST) should be able to do all normal tasks like
> manage hardware, add/remove apps, run perfmon, change network settings,
> etc
> while only having the ability to add/remove computers from AD.
>
> Is all of this possible??? They would need more permissions than the
> default permissions granted to Server Operators. Any try to accomplish
> this?
- Previous message: Steven L Umbach: "Re: client authentication"
- In reply to: Onion: "Split AD and Server Administration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
