I have customer requested to have new security group (a group created by himself with new IT staff) granted with a certain rights to administer the servers and network related tasks.
he will create new group and their role as below:-
1-HelpDesk: Add/Remove User ID and join Domain, network configuration, re-set psw
2-Service Admin Operator: run, start, stop services of all domain servers, install programs, re-set psw, network
configuration, DHCP, DNS...server services
3-Group policy editting: registry editting
4-File Share Group: have right to access to all fileshare and folders
5-Service account group: to group all services accounts
Applications already have its own services account so customer will group it own themself, no change on the permissions
of these account and group
i believe i need to configure at GPO to allow those group with that rights. just wonder if there is any article that i can refer?