Guest ADP Comm
Posted January 28, 2008

Hello,

I'm trying to set up a policy to grant access for a security group to have domain admin level access only on a few specific servers. We are using OCS and the chosen few to be administrators for it are not domain admins. I have read and understand they will need domain admin rights for some aspects of the software. I only want to enable the group to have admin rights on the OCS servers. Where do I find the correct policy to accomplish this? Any and all assistance would be appreciated.

Guest Florian Frommherz [MVP]
Posted January 28, 2008

Re: Group Policy help

Howdie!

ADP Comm wrote:
> Hello,
> I'm trying to set up a policy to grant access for a security group to have
> domain admin level access only on a few specific servers. We are using OCS
> and the chosen few to be administrators for it are not domain admins. I have
> read and understand they will need domain admin rights for some aspects of
> the software. I only want to enable the group to have admin rights on the OCS
> servers. Where do I find the correct policy to accomplish this? Any and all
> assistance would be appreciated.

Have a look at the "Restricted Groups" feature:
http://www.frickelsoft.net/blog/?p=13

cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

Guest ADP Comm
Posted January 28, 2008

Re: Group Policy help

Thank you for the reply and it does explain things well I think. I am still trying to determine how to further restrict the group used for in the new policy, under 'Restricted Groups'.
This first part does accomplish part of my goal. It is the second half, how to restrict them to specific machines is what I am trying to do.

"Florian Frommherz [MVP]" wrote:
> Have a look at the "Restricted Groups" feature:
> http://www.frickelsoft.net/blog/?p=13
>
> cheers,
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.

Guest BBW
Posted January 28, 2008

Re: Group Policy help

A sloppy answer, I think, is to create a sub OU, move the machines that you don't want them to have access to and restrict that one Policy...?

Just a thought as I need to do this also on other issues.

"ADP Comm" <ADPComm@discussions.microsoft.com> wrote in message news:EF0EBFC9-FA9B-4CD8-8A92-804F9DA7D3D9@microsoft.com...
> Thank you for the reply and it does explain things well I think. I am still
> trying to determine how to further restrict the group used for in the new
> policy, under 'Restricted Groups'.
> This first part does accomplish part of my goal. It is the second half, how
> to restrict them to specific machines is what I am trying to do.
>
> "Florian Frommherz [MVP]" wrote:
> > Have a look at the "Restricted Groups" feature:
> > http://www.frickelsoft.net/blog/?p=13
> >
> > cheers,
> > Florian
> > --
> > Microsoft MVP - Windows Server - Group Policy.
> > eMail: prename [at] frickelsoft [dot] net.
> > blog: http://www.frickelsoft.net/blog.

Guest ADP Comm
Posted January 28, 2008

Re: Group Policy help

It sounds like a nice idea; however, at this time, OUs aren't working as they should on the network I'm supporting.

"BBW" wrote:
> A sloppy answer, I think, is to create a sub OU, move the machines that you
> don't want them to have access to and restrict that one Policy...?
>
> Just a thought as I need to do this also on other issues.

Guest Florian Frommherz [MVP]
Posted January 29, 2008

Re: Group Policy help

Howdie!

ADP Comm wrote:
> Thank you for the reply and it does explain things well I think. I am still
> trying to determine how to further restrict the group used for in the new
> policy, under 'Restricted Groups'.
> This first part does accomplish part of my goal. It is the second half, how
> to restrict them to specific machines is what I am trying to do.

Just like BBW replied, you need to link that policy to the OU where the specific machine accounts are in.

cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

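The scoping described in the replies above (link the Restricted Groups policy to an OU that holds only the target machine accounts), as an added PowerShell example that is not part of the original thread. The OU name, GPO name and server names are assumed placeholders, and the script relies on the ActiveDirectory and GroupPolicy modules.

```powershell
# Added example: scope a Restricted Groups GPO to the OCS servers only.
# All names below are assumed placeholders, not values from the thread.
Import-Module ActiveDirectory, GroupPolicy

$domainDn = (Get-ADDomain).DistinguishedName
$ouName   = 'OCS Servers'                 # assumed OU name
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'OCS Local Administrators'    # assumed GPO name
$servers  = 'OCS01', 'OCS02'              # assumed computer account names

# 1. Create the OU that will hold only the OCS machine accounts.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) { New-ADOrganizationalUnit -Name $ouName -Path $domainDn }

# 2. Move the OCS servers, and nothing else, into that OU.
foreach ($name in $servers) {
    Get-ADComputer -Identity $name | Move-ADObject -TargetPath $ouDn
}

# 3. Create the GPO (empty for now) and link it to the OU only.
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName | Out-Null
}
$linked = (Get-GPInheritance -Target $ouDn).GpoLinks | Where-Object DisplayName -eq $gpoName
if (-not $linked) { New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null }

# The Restricted Groups entry itself is set in the GPO editor under
# Computer Configuration > Windows Settings > Security Settings > Restricted Groups.
# "This group is a member of: Administrators" adds the group; "Members of this
# group" replaces the existing membership of the local group.

# 4. Check: the GPO must not be linked anywhere except the OCS OU.
$ouPath = (Get-ADOrganizationalUnit -Identity $ouDn -Properties CanonicalName).CanonicalName
[xml]$report = Get-GPOReport -Name $gpoName -ReportType Xml
@($report.GPO.LinksTo) | Where-Object { $_ -and $_.SOMPath -ne $ouPath } |
    ForEach-Object { Write-Warning "Unexpected link: $($_.SOMPath)" }

# 5. Check: every computer in the OU is one of the intended servers.
Get-ADComputer -Filter * -SearchBase $ouDn |
    Where-Object { $servers -notcontains $_.Name } |
    ForEach-Object { Write-Warning "Unexpected computer in OU: $($_.Name)" }
```

Steps 4 and 5 are the checks worth re-running later: a second link on the GPO or an extra computer moved into the OU silently widens where the group holds local administrator rights.
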
Guest Florian Frommherz [MVP]
Posted January 29, 2008

Re: Group Policy help

Howdie!

ADP Comm wrote:
> It sounds like a nice idea; however, at this time, OUs aren't working as they
> should on the network I'm supporting.

What do you mean by "OUs aren't working as they should"?

cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.