Delegate full rights to a DC?

D

dude

We recently depolyed a DC at a branch office. This is a one forest/one
domain/multiple OU design. I have already delegated full rights to their OU
to a regional global group I setup. However, I still need to delegate full
rights to the actual DC itself, which is located in the default Domain
Controllers OU in AD. I know there is local security policy and domain
controller security involved. The Logon Locally rights is already granted
so they can logon interactively. However, it seems that something is still
missing that prevents them from performing all kinds of local admin
operations on there.

Any docs or pointers is appreciated

thank you
 
D

dude

Can not even change system time, pull up device manager, change power
profile for the machine.. etc. Simple local admin related functions. I
can't be the first one who needs this ability. Again, I want the branch
admins to have full local admin rights to the DC's at their locations,
without giving them the Domain Admin rights.

any more thoughts?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to delete the DC computer account from the Domain Controllers 4
logon locally rights for DC 2
"Local administrator" access to one DC without being full administrator on the whole domain 1
How to delegate rights to "move" objects ? 1
Problems to Add users to group 3
Can't delegate Unlock right after following KB294952 1
Logon Locally for DC Part 2 1
GPO for Local accounts on DC 1

Top