Solved

Delegating control of a single windows 2003 server in a domain

Posted on 2011-09-16
3
199 Views
Last Modified: 2012-05-12
We have regional centers and each regional center has a local DC. We have a tech at each regional center and I am wondering what would be the easiest way to give him "local" administrative privileges on the DC. I do not want to make him a domain admin. I would normally do this by going into Computer Management and assigning him to the local administrator group but this being a DC that is not an option. Any feedback is appreciated.
0
Comment
Question by:J C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 36550904
What kinds of things do you need him to do, unfortunately there is no easy way to be a full admin on a DC short of making them builtin admins/domain admins.    

Thanks

Mike
0
 

Author Comment

by:J C
ID: 36550923
To be able to start/stop services.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 250 total points
ID: 36555606
You can delegate control to non admin account to perform certain admin acitivity like reset password,create user,delete user,etc.

To delegate rights to control the sytem service:
http://www.windowsitpro.com/article/permissions/how-can-i-delegate-permission-for-a-user-or-group-to-control-certain-services-

0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question