We help IT Professionals succeed at work.

DHCP DNS right

DRRAM
DRRAM asked
on
Please how can I give the right for a user to view without having the ability of modification the content of a DHCP (scope) and DNS ???
Server 1 (AD+DNS) and server2 (DHCP)
Comment
Watch Question

Hi add the user in power user group.he will be able to view without editing.
Sandesh DubeyTechnical Lead
CERTIFIED EXPERT
Top Expert 2011

Commented:
Dhcp does not have any ACL(Unlike DNS). So it is not possible to give read only permission.
Even if you install dhcp on a member server you wont be able to give read only permission to dhcp console.
When ever you install dhcp two groups gets created(If it is a dc then you can find the groups in dsa.msc) DHCP Administrator and DHCP Users.
So there is no way to give Dhcp read only permission to one particuler dhcp server(When server is a DC).

Regarding the DNS read only permission refer below link to assign read only permsiion to DNS.
http://blogs.technet.com/b/jlosey/archive/2009/09/02/granting-access-to-dns-management-mmc-to-a-non-admin.aspx

Author

Commented:
PLEASE "sayanta_19" can you give me more explanation about your idea for  view without having the ability of modification the content of a DHCP (scope) and DNS
SteveArchitect/Designer
CERTIFIED EXPERT

Commented:
Sorry mattey, Sandeshdubey is right. DHCP cannot be limited in the same way as DNS.
sayanta_19's option will not work for DHCP.

Author

Commented:
HOW CAN YOU DO FOR THE DNS
and
HOW CAN YOU DO FOR THE DHCP

Author

Commented:
Server 1 (AD+DNS) and server2 (DHCP)
SteveArchitect/Designer
CERTIFIED EXPERT

Commented:
for DNS, open DNS console and right click each dns Zone. on the security tab you can specify users and group access. As long as you select read only you should be fine.

as advised above, DHCP does not have such facility so its all or nothing.
Hi,

      Let me clarify few things,
1.I am assuming you are using 2003 dc and dns and dhcp is insalled in 2003 DC
2.Lets say you want to give a particular user a view only right on DHCp and DNS server
3.First add the user to "log on locally " the path would be open gpmc.msc edit domain controller policy
go to computer setting>security setting>local policy>user right assigment
4.Add the user to "DHCP user" group.
5.Now for DNS you have to do that from DNS management and that is zone specific
6.Under zone properties >security ,give read only permission to the user
7.Log in with the user ,he would only be able to view but he cannot edit.
8.This is tried and tested .
9.Please let me know if there is any confussion.
Technical Lead
CERTIFIED EXPERT
Top Expert 2011
Commented:
Members of the DHCP Users group have read-only DHCP console access to the server, which allows DHCP Users to view, but not to modify, server data, including DHCP server configuration, registry keys, DHCP log files, and the DHCP database. DHCP Users cannot create scopes, modify option values, create reservations or exclusion ranges, or modify the DHCP server configuration in any other way.

If DHCP is installed on DC refer below link to add user to  DHCP user group at a domain controller.
http://technet.microsoft.com/en-us/library/cc783279(WS.10).aspx

If DHCP is not installed on DC then you need to open Computer Management->Local Users & Group-->Groups-->DHCP Users...Add the user/group to this group.

Regarding the DNS read only permission refer below link to assign read only permssion to DNS.
http://blogs.technet.com/b/jlosey/archive/2009/09/02/granting-access-to-dns-management-mmc-to-a-non-admin.aspx 

Author

Commented:
thx

Explore More ContentExplore courses, solutions, and other research materials related to this topic.