use of compmgmt.msc to create/manage remote shares + ntfs permissions
From: Andy S (smithers_at_altavista.net)
Date: 04/28/05
- Previous message: Eduardo Francos: "Re: password question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Apr 2005 00:39:23 -0700
Hi,
As part of head office security recommendations, we are setting up our
helpdesk staff to use RUNAS to launch various tasks (e.g. user
creation) only when they need to carry out those tasks. This allows
their logon account to be a non-admin.
A small problem I have encountered with Computer Management
(compmgmt.msc). It has this great feature to allow the ntfs
permissions to be set on a remote computer whilst creating a share.
This is a really useful feature, which works great for me because I'm
a Domain Admin.
However, for our helpdesk team, who are NOT members of the local
administrators group on these remote servers (they are server
operators however), they are unable to do the ntfs management part. It
seems to me that this is because compmgmt.msc is using the root $
shares (C$ etc) to connect on the fly to the remote server, which they
obviously don't have admin rights to.
They DO however have full management rights to all the data on these
remote servers, via non-hidden 'admin' shares that we created for
them.
Is there any way to get compmgmt.msc to use other shares than C$/D$
etc DURING the share creation phase??
It's a nice to have, I know (they can use explorer via Runas to
connect to their 'admin' shares after the user share has been
created), but for streamlining of their processes, it would be good if
we could modify this behaviour in some way.
- Previous message: Eduardo Francos: "Re: password question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
