-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know. I agree that this isn't good security practice. I wouldn't recommend this as well. But, for the lack of space in most locations (and we are only talking about 4 locations), we would just like to give the local tech access to that DC only and no other DC in the domain. I can restrict them to log onto that DC local to them only (via GPO). I might just give them Server Operators rights, restrict them to log onto that DC only, and call it a day.
Thanks, Chris > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Roger Seielstad > Sent: Friday, May 21, 2004 10:19 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Domain Controller Security... > > True... I musta read half the question (again). > > > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: joe [mailto:[EMAIL PROTECTED] > > Sent: Friday, May 21, 2004 12:41 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Domain Controller Security... > > > > I am not sure that fits his requirements for this one... > > > > Sounds like he is file sharing from the DC (not something I > personally > > recommend) and obviously it would be a bit much to dcpromo down > > and back up to add a new share. > > > > joe > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Roger > > Seielstad > > Sent: Friday, May 21, 2004 11:54 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Domain Controller Security... > > > > I like Joe Richard's option - DCPromo it out, let the tech > work on it, > > and DCPromo it back in > > > > > > -------------------------------------------------------------- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -----Original Message----- > > > From: Chris Lynch [mailto:[EMAIL PROTECTED] > > > Sent: Friday, May 21, 2004 11:27 AM > > > To: [EMAIL PROTECTED] > > > Subject: [ActiveDir] Domain Controller Security... > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > I'm wondering if anyone has accomplished the following: > > > > > > Provided different security policies to multiple DC's > > within the same > > > domain, but different OU's for field techs to manage > > resources on just > > > that DC without giving Server Operators rights. > > > > > > I have almost all of the requirements resolved, except the > > ability to > > > create shares. I have modified the security on the > > > HKLM\System\CurrentControlSet\Services\LanManserver and > > > HKLM\System\ControlSet001\Services\LanManserver with no success. > > > Every document I have read about where the shares definitions are > > > stored are located in these two reg keys. > > > > > > I know the simple way would be to deploy another server to that > > > location and give them local Administrator rights. But, > management > > > doesn't want to do this. > > > > > > Thanks for any input, > > > > > > Chris Lynch > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP 8.0.3 > > > Comment: Public PGP Key for Chris Lynch > > > > > > iQA/AwUBQK4f0m9fg+xq5T3MEQKvyACfR40Wo0raZykKESlI9BlWQnO9CREAoIr4 > > > BT+9sM9+/PU1ca4fioHgTuMm > > > =k33B > > > -----END PGP SIGNATURE----- > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 Comment: Public PGP Key for Chris Lynch iQA/AwUBQK5wem9fg+xq5T3MEQIcQgCbBHD/3P2lldjPMQYIuYX+bQbcy/gAn0JN HwFDAdmSI6kCuPCiwfkBn9ST =T64Z -----END PGP SIGNATURE----- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
