Active Directory question

Hello everyone

We are delegating certain administrative duties to a user within an Organizational Unit (OU). He should have pretty much full rights to administer his OU, but no rights within the rest of AD.
He is trying to write login scripts, and perhaps other scripts for his users to execute. The problem is, when he goes to save these scripts, he’s denied access to save the scripts in the default SYSVOL area.

Are there some kind of access rights I can give him as a delegate on that OU to be able to save the scripts to this area? If so, what are they? If not, how can we best accomplish this?


Cheers
Asked by: Bibecu
 
Mahesh (Architect) commented:
Try to avoid manual permissions on AD folders like Sysvol.
It's not painless to recover Sysvol permissions if it created any problem with custom permissions.

If you have a file server accessible to all, you could create a regular shared folder with Everyone and Authenticated Users read permissions and delegated user modify rights on it, so that he can use that folder path in the GPO and users \ computers will read scripts from there.

Also, you need to grant him delegated rights to create GPOs for his OU.
This can be achieved by going to the GPMC\Group Policy Objects container Delegation tab and adding the required user with create\edit\modify\full GPO rights.
This will allow him to create GPOs in his OU and sub-OUs, if any.

Mahesh
0
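The file-share setup described in the answer above, as an added PowerShell example that is not part of the original thread: it creates the script share with explicit permissions and then audits who can write to it, because a logon script on that share runs in the context of every user the GPO applies to. The group, path and share names are assumed placeholders; run it elevated on the file server.

```powershell
# Added example. $Delegate, $Path and $ShareName are assumed placeholders.
$Delegate  = 'CONTOSO\OU1-ScriptAdmins'   # assumed security group holding the delegated admin
$Path      = 'D:\Shares\OU1-Scripts'      # assumed folder on the file server
$ShareName = 'OU1-Scripts'                # assumed share name

# 1. Create the folder and replace inherited NTFS permissions with an explicit set:
#    Administrators/SYSTEM full control, Authenticated Users read+execute, delegate modify.
New-Item -ItemType Directory -Path $Path -Force | Out-Null
icacls $Path /inheritance:r /grant `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    'NT AUTHORITY\Authenticated Users:(OI)(CI)RX' `
    "${Delegate}:(OI)(CI)M" | Out-Null

# 2. Publish the share. Effective access is the intersection of share and NTFS
#    permissions, so only the delegate (and administrators) can change files.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path `
        -ReadAccess 'Everyone', 'NT AUTHORITY\Authenticated Users' `
        -ChangeAccess $Delegate `
        -FullAccess 'BUILTIN\Administrators' | Out-Null
}

# 3. Audit: report any Allow ACE that grants write rights to a principal
#    outside the expected list.
$allowedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', $Delegate)
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write
$unexpected = (Get-Acl -Path $Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
    $_.IdentityReference.Value -notin $allowedWriters
}

if ($unexpected) {
    Write-Warning "Unexpected write access on ${Path}:"
    $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    Write-Output "OK: only $($allowedWriters -join ', ') can modify scripts under $Path"
}
```

Re-running step 3 on a schedule catches later permission drift on the share; the GPO creation rights from the answer are still granted in GPMC as described there.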
 
Patrick Bogers (Datacenter platform engineer, Lindows) commented:
SYSVOL is by nature a read-only folder, but you could give this guy (or better, the security group he is in) write privileges on the SYSVOL folder.
0
 
Bibecu (author) commented:
Sorry for the delay in answering your post. I followed your advice and everything works very well. Thank you so much, Mahesh!
0