Solved

Active Directory question

Posted on 2014-02-11
3
135 Views
Last Modified: 2014-02-20
Hello everyone

We are delegating certain administrative duties to a user within an Organizational Unit (OU). He should have pretty much, full rights to administer his OU, but no rights within the rest of AD.
He is trying to write login scripts, and perhaps other scripts for his users to execute. The problem is, when he goes to save these scripts, he’s denied access to save the scripts in the default, SYSVOL area.

Are there some kind of access rights I can give him as a delegate on that OU to be able to save the scripts to this area? If so, what are they? If not, how can we best accomplish this?


Cheers
0
Comment
Question by:Bibecu
3 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39851237
SYSVOL is by nature a read only folder but you could give this guy (or better the security group he is in) write privileges on the SYSVOL folder.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39851296
Try to avoid manual permissions on AD folders like Sysvol
Its not painless to recover Sysvol permissions if it created any problem with custom permissions

If you have file server accessible to all, you could create regular share  folder with everyone and authenticated users read permissions with delegated user modify rights on that so that he can use that folder path in GPO and users \ computers will read scripts from there

Also you need to grant him delegated rights to create GPO for his OU
This can be achieved by going GPMC\group policy objects container delegation tab and add required user to create\edit\modify\full GPO rights
This will allow him to create GPO in his OU and sub OUs if any

Mahesh
0
 

Author Closing Comment

by:Bibecu
ID: 39874729
Sorry for the delay answering to your post, I followed your advices and everything works very well  Thank you so much Malesh !
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question