Improve company productivity with a Business Account.Sign Up

x
?
Solved

Active Directory question

Posted on 2014-02-11
3
Medium Priority
?
148 Views
Last Modified: 2014-02-20
Hello everyone

We are delegating certain administrative duties to a user within an Organizational Unit (OU). He should have pretty much, full rights to administer his OU, but no rights within the rest of AD.
He is trying to write login scripts, and perhaps other scripts for his users to execute. The problem is, when he goes to save these scripts, he’s denied access to save the scripts in the default, SYSVOL area.

Are there some kind of access rights I can give him as a delegate on that OU to be able to save the scripts to this area? If so, what are they? If not, how can we best accomplish this?


Cheers
0
Comment
Question by:Bibecu
3 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39851237
SYSVOL is by nature a read only folder but you could give this guy (or better the security group he is in) write privileges on the SYSVOL folder.
0
 
LVL 41

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39851296
Try to avoid manual permissions on AD folders like Sysvol
Its not painless to recover Sysvol permissions if it created any problem with custom permissions

If you have file server accessible to all, you could create regular share  folder with everyone and authenticated users read permissions with delegated user modify rights on that so that he can use that folder path in GPO and users \ computers will read scripts from there

Also you need to grant him delegated rights to create GPO for his OU
This can be achieved by going GPMC\group policy objects container delegation tab and add required user to create\edit\modify\full GPO rights
This will allow him to create GPO in his OU and sub OUs if any

Mahesh
0
 

Author Closing Comment

by:Bibecu
ID: 39874729
Sorry for the delay answering to your post, I followed your advices and everything works very well  Thank you so much Malesh !
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article explains how to install and use the NTBackup utility that comes with Windows Server.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question