I like Joe Richard's option - DCPromo it out, let the tech work on it, and DCPromo it back in
-------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Chris Lynch [mailto:[EMAIL PROTECTED] > Sent: Friday, May 21, 2004 11:27 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Domain Controller Security... > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I'm wondering if anyone has accomplished the following: > > Provided different security policies to multiple DC's within the same > domain, but different OU's for field techs to manage resources on > just that DC without giving Server Operators rights. > > I have almost all of the requirements resolved, except the ability to > create shares. I have modified the security on the > HKLM\System\CurrentControlSet\Services\LanManserver and > HKLM\System\ControlSet001\Services\LanManserver with no success. > Every document I have read about where the shares definitions are > stored are located in these two reg keys. > > I know the simple way would be to deploy another server to that > location and give them local Administrator rights. But, management > doesn't want to do this. > > Thanks for any input, > > Chris Lynch > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0.3 > Comment: Public PGP Key for Chris Lynch > > iQA/AwUBQK4f0m9fg+xq5T3MEQKvyACfR40Wo0raZykKESlI9BlWQnO9CREAoIr4 > BT+9sM9+/PU1ca4fioHgTuMm > =k33B > -----END PGP SIGNATURE----- > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
