Now you see why we don't run other services on DCs :-) You can't do what you want to do, because the security on a DC isn't granular enough.
If you want to investigate alternative solutions, I would ask: A) why do you have DHCP at each site? and B) why do you need local administration of the DHCP service? Malcolm -----Original Message----- From: Jay Kulsh [mailto:[email protected]] Sent: Monday, 26 January, 2009 04:41 To: NT System Admin Issues Subject: Can we limit administration to One DHCP server in a domain? We have many sites in Winows 2003 domain with DHCP server running on a DC on each site. We would like a user (who is not a member of Domain Admins group) to administer only one DHCP server -- on his site. However, making him a member of DHCP administrators group gives him rights on all DHCP servers and DHCP users group can only view configuration of these servers. Perhaps, installing DHCP on a member server is a solution, but can this be achieved while keeping DHCP servers on DCs? Thanks. Jay Kulsh iLAN So. Pasadena, CA ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient. Any review, use, distribution, or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
