
Locking down permissions on DNS and DHCP

Is there a way to limit access to DNS and DHCP servers from Domain Admins on the Windows network? I want specific domain admins to have access to these services and others to have no access.
Thomas N
2 Solutions
Yes, using the standard consoles you can edit each DHCP server/scope and each DNS server/zone with the appropriate read/write permissions as needed. I wouldn't remove read permission from them if I were you unless you know you really want to do that though!

Also, it might make long-term management a bit easier to follow the AGDLP security structure that Microsoft recommends.


http://technet.microsoft.com/en-us/library/dd759157.aspx   (DHCP)

http://www.pearsonitcertification.com/articles/article.aspx?p=102617&seqNum=6    (DNS - lots of useful stuff, scroll down for your specific questions, section 3)
Sandeshdubey, Senior Server Engineer, commented:
Why have you added the users to Domain Admins if you want to restrict them? I will recommend removing the users from the admin group. If you want to delegate some basic activity to be performed on AD, you need to delegate control as per requirement. You can also prevent them from logging in to the DC by installing RSAT (Win7) or admin pak (WinXP) on their client computers.

How to Delegate Basic Server Administration To Junior Administrators  http://support.microsoft.com/kb/555986

Best Practices for Delegating Active Directory Administration  http://www.microsoft.com/en-us/download/details.aspx?

You can apply a deny permission to DHCP and DNS in the security permissions for the user in question, but I will not recommend the same. Instead, remove the users from the admin group. You can also enable auditing to track the activity of users. http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Hope this helps
Question has a verified solution.
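
The two answers above combine into one delegation pattern: take the operators out of Domain Admins and grant DNS/DHCP rights through AGDLP group nesting. The following is an added example, not code from either poster. The OU, account names and the `G-`/`DL-` group names are hypothetical, and it assumes the built-in `DHCP Administrators` group exists as a domain group (DHCP installed on a domain controller) and that the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example: AGDLP delegation for DNS and DHCP. All names are hypothetical.
Import-Module ActiveDirectory

$ou = 'OU=Groups,DC=example,DC=com'    # assumed OU for the role groups

# Account (A) -> Global (G) -> Domain Local (DL) -> Permission (P, built-in group)
$roles = @(
    @{ G = 'G-DHCP-Operators'; DL = 'DL-DHCP-Manage'; P = 'DHCP Administrators'; A = @('alice') },
    @{ G = 'G-DNS-Operators';  DL = 'DL-DNS-Manage';  P = 'DnsAdmins';           A = @('bob') }
)

function Add-MemberIfMissing($Group, $Members) {
    # Add-ADGroupMember fails on existing members, so add only the new ones.
    $have = @(Get-ADGroupMember -Identity $Group | ForEach-Object SamAccountName)
    $new  = @($Members | Where-Object { $_ -notin $have })
    if ($new.Count -gt 0) { Add-ADGroupMember -Identity $Group -Members $new }
}

foreach ($r in $roles) {
    foreach ($g in @(@{ N = $r.G; S = 'Global' }, @{ N = $r.DL; S = 'DomainLocal' })) {
        if (-not (Get-ADGroup -Filter "SamAccountName -eq '$($g.N)'")) {
            New-ADGroup -Name $g.N -SamAccountName $g.N -GroupScope $g.S `
                        -GroupCategory Security -Path $ou
        }
    }
    Add-MemberIfMissing $r.G  $r.A      # accounts into the global role group
    Add-MemberIfMissing $r.DL $r.G      # global group into the domain local group
    Add-MemberIfMissing $r.P  $r.DL     # domain local group gets the permission
}

# Delegation restricts nothing for accounts that remain in Domain Admins.
# List them for review; operators who appear here should be removed from it.
$operators = $roles | ForEach-Object { $_.A }
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object SamAccountName,
        @{ n = 'IsDelegatedOperator'; e = { $_.SamAccountName -in $operators } } |
    Sort-Object SamAccountName
```

Membership of `DnsAdmins` and `DHCP Administrators` grants full control of those services, so for per-zone or per-scope rights assign the `DL-` groups on the individual zone or scope in the consoles instead, as the first answer describes.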
