We help IT Professionals succeed at work.

special superviewer user creation in windows 2000/2003/2008

Line One
Line One used Ask the Experts™
on
I want to create a special user on Windows servers that has the following rights:

right to view all AD objects and properties of those objects but not change or modify
right to view all permissions/ACL lists/security settings but not change or modify
right to view all files/folders etc. but not change or modify any thought  the ID can create modify new Word and Excel files in their home folder

What are the steps to do so?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:

Author

Commented:
Basically it seems I just go to the root and give 'Read' rights in both cases. Is that correct? Also it sounds like it might be best to create a group called superviewer for example and just put the ID in there of the person/persons that these rights are to be given to.
Top Expert 2010
Commented:
To apply the rights specified above, it would be good to create the group.  Then, use the delegation wizard to set the proper rights to that group.  You can access the delegation wizard by right-clicking where ever you want those rights to start.
Top Expert 2010

Commented:
Sorry, I was referring specifically to the AD objects in my comment above.

Author

Commented:
Thanks for the info.
Top Expert 2010

Commented:
you bet...thanks for the points!