Re: WINS Access permissions
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Thu, 25 May 2006 14:00:09 -0400
No, I have looked at the source code, it really isn't possible.
MSFT stopped WINS dev work some time ago; the last real work was done in some DB changes between NT4 and 2K (which is why you needed special DLLs in place if you moved a DB from an NT4 machine to a 2K machine). Real serious delegation other than read access wasn't looked into that I am aware of.
Anyway, WINS itself is unauthenticated and insecure. The WINS admin stuff, which is a completely separate interface, is what is authenticated and secured. You can use tools such as nblookup or nmblookup to look at the records, and if you look carefully through the SAMBA stuff you will find pieces that will modify info, including adding/deleting records, etc. This isn't anything MSFT really made available because obviously there are some issues there.
You have the same thing with non-secured DNS now, but there are tools readily available to do these modifications, such as nsupdate, which is a reason why MSFT was so keen on offering secured DDNS.
In general, I don't see the point in letting folks muck with WINS, it tends to take care of itself pretty well when admins stop fudging with it. I ran one of the larger single centralized WINS infrastructures in the world handling hundreds of thousands of machines and there were 3 people with rights to make changes and that was more than enough. What exactly is it that you think you need to give people the ability to do?
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Nobloz wrote:
It's a pity that we don't know how. I still think it must be possible but....
It's a good idea moving the WINS server to a member server. But having a server running only for WINS is a little overhead for small companies. But it is better than giving them the AD permissions.
Thanks so far.
Greetz,
Nobloz
"Steven L Umbach" wrote:
As Joe said you can't. What you might want to consider is to move WINS to a non domain controller and then you might feel better about adding the users to the local administrators group for that server which gives them no special powers in the domain other than disruption by messing up WINS records and configuration. --- Steve
"Nobloz" <Nobloz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:3CE007CF-E184-43E4-9D5E-063CD095393E@xxxxxxxxxxxxxxxx
Hi,
I want to make a Global / Local group like WINS Users (when WINS is installed on a DC W2K3), but then that they have Full Permissions on WINS.
At the moment I need to give Administrators permissions, and we don't want that.
Any idea where I can set this permission (delegation)?
Greetz,
Nobloz