You may be interested in the "Delegation of Control Wizard":
http://www.howtogeek.com/50166/using-the-delegation-of-control-wizard-to-assign-permissions-in-server-2008/
These permissions are all ACL based, so you can assign them by hand, but
the wizard is a nice shortcut.
- Adam Compton
On 6/6/13 9:49 AM, Edward Ned Harvey (lopser) wrote:
I've only been searching for like a half an hour yet, but so far I'm
finding only confusion -
Suppose you want to grant some admins the permission to join computers
to an AD domain, but only under a certain OU... Or you want certain
admins to be able to reset passwords while others cannot... Where are
these permissions located?
I started looking at AD RMS (rights management service) but I hope
that's the wrong direction. Because it requires a combination of stuff
installed on the server and client, which breaks the standard molds
we've deployed in this organization so far, so it will require me to
create a new OU, new GPO, new security policy (not to mention a new
server)... Using IIS / .Net / and various other services installed on
the server, but significantly different from the others we've deployed
before, as well as the AD RMS client on your laptop... It sounds
complex and labor intensive, and I'm not even sure it's what I'm
supposed to be doing, so I'm hoping this is the wrong direction to go...
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
