Re: Possible to grant additional rights to a built-in group
From: Christian (badeanden_at__no_spam_hotmail.com)
Date: 10/01/04
- Next message: Steven L Umbach: "Re: Removing an XP computer from Domain Controllers group."
- Previous message: GreyhawkC&D: "Removing an XP computer from Domain Controllers group."
- In reply to: Steven L Umbach: "Re: Possible to grant additional rights to a built-in group"
- Next in thread: Steven L Umbach: "Re: Possible to grant additional rights to a built-in group"
- Reply: Steven L Umbach: "Re: Possible to grant additional rights to a built-in group"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Oct 2004 03:45:06 +0200
Thanks for you reply.
I am aware how to delegate authority and how to use the various security
policies ... in my own opinion, at least ;-)
Delegation and security plicies does not help me here, I am affraid. I need
to assign additional access rights to a built-in group (DHCP USers) already
granted to another built-in group (DHCP Administrators). My problem is that
I don't have a clue what those rights are for the DHCP service and where
they are assigned. I am pretty sure it is not delegation issue, though.
I have assigned my test users Full Control everywhere I can think of
(OU/NetServices/file system etc.), but unless I assign the to the
Administrators or DHCP Administrators group, they still get "Access is
Denied" for all the actions in the DHCP console.
Cheers,
Christian
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:eNX5jOxpEHA.2724@TK2MSFTNGP14.phx.gbl...
> You can manage user rights in the appropriate security policy such as
> domain/local/OU. For instance open Local Security Policy via secpol.msc
> and then go to security settings/local policies/user rights to view the
> user rights that can be configured. For an Active Directory domain you can
> "delegate" authority to users/groups for many administrative tasks. The
> link below explains in more detail. --- Steve
>
>
> http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/delegsteps.asp
>
> "Christian" <badeanden@_no_spam_hotmail.com> wrote in message
> news:%23GoA9IspEHA.1668@TK2MSFTNGP14.phx.gbl...
>> Is it possible to grant additional user rights to a built-in group?
>> How can I see what the currect access rights are and to what objects they
>> apply?
>>
>> I am trying to enhance the capabilities of the DHCP Users built-in group
>> to allow my HelpDesk perform minor adminitrative tasks without adding
>> them to the DHCP Administrators built-in group.
>>
>> Any pointers are greatly appreciated!
>>
>> Cheers,
>> Christian
>>
>
>
- Next message: Steven L Umbach: "Re: Removing an XP computer from Domain Controllers group."
- Previous message: GreyhawkC&D: "Removing an XP computer from Domain Controllers group."
- In reply to: Steven L Umbach: "Re: Possible to grant additional rights to a built-in group"
- Next in thread: Steven L Umbach: "Re: Possible to grant additional rights to a built-in group"
- Reply: Steven L Umbach: "Re: Possible to grant additional rights to a built-in group"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
