D
dude
We recently depolyed a DC at a branch office. This is a one forest/one
domain/multiple OU design. I have already delegated full rights to their OU
to a regional global group I setup. However, I still need to delegate full
rights to the actual DC itself, which is located in the default Domain
Controllers OU in AD. I know there is local security policy and domain
controller security involved. The Logon Locally rights is already granted
so they can logon interactively. However, it seems that something is still
missing that prevents them from performing all kinds of local admin
operations on there.
Any docs or pointers is appreciated
thank you
domain/multiple OU design. I have already delegated full rights to their OU
to a regional global group I setup. However, I still need to delegate full
rights to the actual DC itself, which is located in the default Domain
Controllers OU in AD. I know there is local security policy and domain
controller security involved. The Logon Locally rights is already granted
so they can logon interactively. However, it seems that something is still
missing that prevents them from performing all kinds of local admin
operations on there.
Any docs or pointers is appreciated
thank you