Posted by Roger Abell [MVP] on March 15, 2006, 3:24 am
Please do not take this incorrectly, but I would strongly encourage
you to do some research into how Windows Active Directory is
managed. I say this only because your stated needs show you have
a fairly sophisticated deployment (AD + Exchange, with delegated
management), and also as all of these stated needs are pretty much
standard things. If you spend some time becoming informed on
the basics of the system then it is much more likely that you will
have a good experience, with a system more likely to remain
healthy, stable, and effectively trimmed to your needs.

Most of what you are after is done with:
  User Rights (1, 2, and 4)
  Group membership (2)
  AD delegation of control (3 - create users)
I am not an Exchange person so I leave 3 - mailboxes to another.

> 1-Logon to the server locally and remotely through terminal services
user right to log on locally + membership in the Remote Desktop users
group, + enable use of remote desktop in system properties
> 2-Backup and restore data
two different user rights, backup and restore
> 3-create users
see delegation of control - there is a wizard in the context menu
(right click) of AD container objects
> 4-Join workstations to the domain
there is a user right named almost just like that
>
> Hi All,
>
> I am trying to give a user the following privileges in an MS2003 Active
> Directory environment:
>
> This user must be able to:
>
> 1-Logon to the server locally and remotely through terminal services
> 2-Backup and restore data
> 3-create users and mailboxes
> 4-Join workstations to the domain
>
>
> This user must be unable to:
>
> 1-Change the permission on a folder or file.
> 2-Take the ownership of a folder or file
> 3-Make himself member of the administrators group
>
> Any ideas on how this can be done?
>
> Thank you all,
>
>
>
>
> Do you have an idea how this can be done?
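
As an added example (not part of the original posts): a Python check that parses the [Privilege Rights] section of a `secedit /export` policy file and reports which of the user rights named in the reply an account is missing, counting rights held through its groups, and whether it holds the take-ownership right the question wants withheld. The export text, the `OPERATOR` set and all SIDs are constructed sample values.

```python
# Added example; the export text and every SID below are constructed.
# Real files come from: secedit /export /cfg rights.inf /areas USER_RIGHTS
# (secedit writes UTF-16, so decode the file before passing its text in).

WANTED = {  # rights the reply points to for items 1, 2 and 4
    "SeInteractiveLogonRight",    # log on locally
    "SeBackupPrivilege",          # back up files and directories
    "SeRestorePrivilege",         # restore files and directories
    "SeMachineAccountPrivilege",  # add workstations to domain
}
UNWANTED = {"SeTakeOwnershipPrivilege"}  # "must be unable to" item 2

SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111-2222-3333-1105
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeRestorePrivilege = *S-1-5-32-544
SeMachineAccountPrivilege = *S-1-5-11
SeTakeOwnershipPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

def parse_user_rights(text):
    """Return {right name: set of holder SIDs/names} from [Privilege Rights]."""
    rights, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = {h.strip().lstrip("*").upper()
                                    for h in holders.split(",") if h.strip()}
    return rights

def audit(text, principals):
    """principals: the account's own SID plus the SIDs of all its groups."""
    rights = parse_user_rights(text)
    mine = {p.upper() for p in principals}
    missing = sorted(r for r in WANTED if not rights.get(r, set()) & mine)
    excess = sorted(r for r in UNWANTED if rights.get(r, set()) & mine)
    return missing, excess

# Constructed account: own SID, Backup Operators, Authenticated Users
OPERATOR = {"S-1-5-21-1111-2222-3333-1105", "S-1-5-32-551", "S-1-5-11"}

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, OPERATOR))
```

The first list names wanted rights the account does not yet hold; the second names withheld rights it has picked up, for example through a later group change.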