[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Junior Administrators - Delegation

Posted on 2014-08-28
2
Medium Priority
?
186 Views
Last Modified: 2014-08-29
Hello All,

I am looking to lock down some more junior administrators on site.  I am pretty familiar with the Delegation wizard and was looking to use this for the more basic tasks - Ultimately in some cases I want to remove the Domain Administrator rights.  

I am looking to achieve the following and would appreciate the experts view on this:

Admin needs to be able to add remove users etc - Delegation Wizard any need to create custom task pads?
Admin needs to be able to install drivers locally / remotely using RDP - Restricted Groups?
Admin should NOT be able to create or link group policies.
Admin should be allowed to add and manage print servers / file shares
Admin will need to be able to create administer mail boxes in Exchange 2010

I was looking to create a new Security Group Junior Admins - add that into restricted groups (adding rather than replacing) to provide local admin rights over the computers / servers within OU's specified.  


Does anyone solutions to the other aspects above?
0
Comment
Question by:BYRONJACKSON
2 Comments
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points
ID: 40291833
depends on what you trying to achieve.
you must remove domain admin rights to achieve this.

Admin needs to be able to add remove users etc -
add account operator security group.

Admin needs to be able to install drivers locally / remotely using RDP
assign the security group junior admin to local admin rights to the workstation or server. (push it out via group policy preference)


Admin should NOT be able to create or link group policies.
only domain admin have that rights.


Admin should be allowed to add and manage print servers / file shares
assign local admin rights to the workstation or server (except DC). (push it out via group policy preference, default domain policy will be fine)

Admin will need to be able to create administer mail boxes in Exchange 2010
add to Recipient Management security group


Note: this is one of the ways and not only way.
0
 

Author Comment

by:BYRONJACKSON
ID: 40292682
All good thank you so much
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Suggested Courses

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question