Need to maintain an additional domain administrator with less privilage


  • Hello,

    Please let me know How to maintain an additional administrator those who hold privileges less than the super administrator.

    This admin sometimes may not have the privilege to share file / folders, change IP settings or other security changes. But he should able to install software, rename PC etc.

    Have such configuration methods in Windows Server 2012 R2 domain network. Please help me.


    Sagar Krishna

    Saturday, January 2, 2016 9:45 AM


All replies

  • Hi

     You can configure delegate permissions for this user.(like join pc donain,rename pc,reset password,install software,etc)

    Check the article for delegate permissions sample,

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Saturday, January 2, 2016 10:43 AM
  • There are at least two types of administrator groups, that will take your attention,namely Enterprise and Domain. This is why you should specify more information on your infrastructure.  In single domain the situation is more simple than when you have a multiple domains in forest(s).

    There are more possibilities as to the fine grain settings of admin rights. It is good to specify what the admin can and what the admin cannot and test both. There are situations when you cannot set one right and maintain another, in this case you should specify the rules and configure audit to notify the rule break.

    In folder and file security you can apply strict "deny".

    I think there is no universal procedure for any situation.


    Saturday, January 2, 2016 11:51 AM
  • Hi Sagar,

    You could delegate specified permission to users with delegation control wizard.

    Here is an article below about delegation of control for your reference.

    Best Regards,


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact

    Monday, January 4, 2016 6:32 AM