New Security Group Permission/Rights for Windows AD environment.
I have customer requested to have new security group (a group created by himself with new IT staff) granted with a certain rights to administer the servers and network related tasks.
he will create new group and their role as below:-
1-HelpDesk: Add/Remove User ID and join Domain, network configuration, re-set psw
2-Service Admin Operator: run, start, stop services of all domain servers, install programs, re-set psw, network
configuration, DHCP, DNS...server services
3-Group policy editting: registry editting
4-File Share Group: have right to access to all fileshare and folders
5-Service account group: to group all services accounts
Applications already have its own services account so customer will group it own themself, no change on the permissions
of these account and group
i believe i need to configure at GPO to allow those group with that rights. just wonder if there is any article that i can refer?
thanks
he will create new group and their role as below:-
1-HelpDesk: Add/Remove User ID and join Domain, network configuration, re-set psw
2-Service Admin Operator: run, start, stop services of all domain servers, install programs, re-set psw, network
configuration, DHCP, DNS...server services
3-Group policy editting: registry editting
4-File Share Group: have right to access to all fileshare and folders
5-Service account group: to group all services accounts
Applications already have its own services account so customer will group it own themself, no change on the permissions
of these account and group
i believe i need to configure at GPO to allow those group with that rights. just wonder if there is any article that i can refer?
thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jian An Lim,
I know there a some GPO setting need to change in order to add a security group to have certain rights.
just need some idea where to add those group into the correct policy so they have the right to administer the server..
I know there a some GPO setting need to change in order to add a security group to have certain rights.
just need some idea where to add those group into the correct policy so they have the right to administer the server..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OP left the question. This is best we have hit the note and come out with solutions
How GPO comes to play?