Managing WDS without being a domain admin

  • Friday, May 18, 2012 8:58 PM
     
     

    My supervisor has assigned a tech to manage our WDS servers. This tech is not a Domain Admin and we are not going to add him to Domain Admin for this one task. I have found some information suggesting the use of Delegate Control in AD DS to give this tech rights to modify the WDS server objects (SCP). Will this work?

All Replies

  • Saturday, May 19, 2012 3:30 AM
     
     Answered

    To fully administer a Windows Deployment Services server, you need the following permissions:

    • Local administrator of the Windows Deployment Services server. This gives you the following rights:

      • File permissions and permissions to the RemoteInstall folder.
      • Registry hive permissions. Many settings for the Windows Deployment Services server are stored in HKEY_LOCAL_MACHINE\System, and you need appropriate permissions to these locations to change them.
    • Domain administrator of the domain that contains the Windows Deployment Services server. This gives you permissions on the Service Control Point (SCP) in Active Directory Domain Services (AD DS) for the Windows Deployment Services server. Some configuration settings for the server are stored in the SCP.
    • Enterprise administrator (optional). This gives you Dynamic Host Configuration Protocol (DHCP) authorization permissions.

    More information at this link.

    http://technet.microsoft.com/en-us/library/cc754005(v=ws.10).aspx

  • Monday, May 21, 2012 2:58 PM
     
     
    I have the version 1.0 documents, thanks. I am asking if I can delegate control to the server objects thus granting the modify rights needed to the SCP.
  • Monday, May 21, 2012 3:45 PM
     
     Answered

    OK, so if I understand correctly, you need to assign a user permission to the SCP so that they do not have to be a domain admin. Also, if you just make them a local admin, they still get access denied?

    If you open AD Users & Computers, go to the View menu and check the "Users, Contacts, Groups and Computers as containers" option, then click on the computer object on the left, you should see the child objects of that computer on the right-hand side in the main window.

    You might also need to enable Advanced Features.

    You should then be able to assign permissions to the SCP.
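A scripted equivalent of the GUI steps in the reply above, added here as an example and not part of the original thread: it lists the child objects of the WDS server's computer object, shows the explicit ACEs on one of them, and grants a delegate rights on that single object only. It assumes the RSAT ActiveDirectory module; `WDS01` and `CONTOSO\WDS-Operators` are placeholder names, the function names are hypothetical, and the choice of `GenericAll` is an assumption, since the thread does not say which rights WDS needs on the SCP.

```powershell
# Added example. Placeholder names: WDS01, CONTOSO\WDS-Operators.
Import-Module ActiveDirectory

function Get-ComputerChildObject {
    param([Parameter(Mandatory)][string]$ComputerName)
    $computer = Get-ADComputer -Identity $ComputerName
    # OneLevel = direct children only, the objects the "as containers" view shows.
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel -Filter * |
        Select-Object Name, ObjectClass, DistinguishedName
}

function Get-ExplicitAce {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Non-inherited ACEs only: this is where a delegation shows up in a later audit.
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { -not $_.IsInherited } |
        Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
}

function Grant-ScpAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ScpDistinguishedName,
        [Parameter(Mandatory)][string]$Delegate   # a group is easier to review than a user
    )
    $path = "AD:\$ScpDistinguishedName"
    $acl  = Get-Acl -Path $path
    $sid  = (New-Object System.Security.Principal.NTAccount($Delegate)).Translate(
                [System.Security.Principal.SecurityIdentifier])
    # Inheritance 'None' keeps the ACE on this one object; GenericAll is an assumption.
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
                $sid,
                [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
                [System.Security.AccessControl.AccessControlType]::Allow,
                [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($ScpDistinguishedName, "Grant GenericAll to $Delegate")) {
        Set-Acl -Path $path -AclObject $acl
    }
}

# Usage (run as an account that can already modify the SCP's permissions):
# Get-ComputerChildObject -ComputerName 'WDS01'
# $scp = '<DistinguishedName of the SCP object from the output above>'
# Grant-ScpAccess -ScpDistinguishedName $scp -Delegate 'CONTOSO\WDS-Operators' -WhatIf
# Get-ExplicitAce -DistinguishedName $scp
```

Running the grant with `-WhatIf` first shows the target object without changing its ACL, and `Get-ExplicitAce` afterwards confirms that the only new entry is the one for the delegate.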

  • Thursday, May 24, 2012 12:19 AM
     
     
    Did you get a chance to try this other option?