Solved

Active Directory question

Posted on 2014-02-11
3
138 Views
Last Modified: 2014-02-20
Hello everyone

We are delegating certain administrative duties to a user within an Organizational Unit (OU). He should have pretty much, full rights to administer his OU, but no rights within the rest of AD.
He is trying to write login scripts, and perhaps other scripts for his users to execute. The problem is, when he goes to save these scripts, he’s denied access to save the scripts in the default, SYSVOL area.

Are there some kind of access rights I can give him as a delegate on that OU to be able to save the scripts to this area? If so, what are they? If not, how can we best accomplish this?


Cheers
0
Comment
Question by:Bibecu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39851237
SYSVOL is by nature a read only folder but you could give this guy (or better the security group he is in) write privileges on the SYSVOL folder.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39851296
Try to avoid manual permissions on AD folders like Sysvol
Its not painless to recover Sysvol permissions if it created any problem with custom permissions

If you have file server accessible to all, you could create regular share  folder with everyone and authenticated users read permissions with delegated user modify rights on that so that he can use that folder path in GPO and users \ computers will read scripts from there

Also you need to grant him delegated rights to create GPO for his OU
This can be achieved by going GPMC\group policy objects container delegation tab and add required user to create\edit\modify\full GPO rights
This will allow him to create GPO in his OU and sub OUs if any

Mahesh
0
 

Author Closing Comment

by:Bibecu
ID: 39874729
Sorry for the delay answering to your post, I followed your advices and everything works very well  Thank you so much Malesh !
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Server 2008 R2 - Clock Time out of synch 14 76
Change Exchange 2010 Namespace 6 71
Group Policy 5 19
WannaCry ransomware worm 2008 and 2012 server 1 145
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question