2020. 2. 13. 22:21ㆍ카테고리 없음
Hi, we have a problem with assigning specific rights like DHCP- or DNS Admins. The initial situation is the following: Our DHCP Server as our DNS Servers are Domain Controllers at the same time. That means, we have no local groups to configure these rights. But there are two builtin Groups in the Domain (DHCP Admins & DHCP Administrators) which should work for this task. But if we assign one of these group to another group or a user, it take no effect on it.
It looks like these Domain Groups haven`t any permissions on the Servers. It isn`t possible to open the DNS or the DHCP Console. The goal is, that we can assign one of these groups an the selected admin should be able to administrate the DNS and the DHCP Service by rdp and RSAT. Has anyone an idea why this don`t work? Thank you very much & best regards Manuel PS: Sorry for my bad english;-).
Shop Admin Hacking Tutorials
OK, once again I'm sorry for delay. I found it out and it is working fine, now. If you're still interested allowing your DHCP Administrators/DNS Administrators to run programs on DCs, you need to modify 'Default Domain Controller' policy and under Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - User Rights Assignment modify 'Impersonate a client after authentication' and put there these groups: - Administrators - LOCAL SERVICE - NETWORK SERVICE - SERVICE - DHCP Administrators - DNSAdmins This change require a DC reboot. After that, your users from DHCP/DNS Administrators group will be able to run consoles on DCs. You can reboot one DC by one to not affect authentication process within your domain or wait after business hours and reboot them all. However, remember that granting them direct access to DCs with possibility to run consoles, they may corrupt incidentaly DC Just only to remind you once again:) Krzysztof.