Access to files for Delegated Admin (RODC) RRS feed

  • Question

  • I have delegated a user Administrative rights on a RODC, the server is also file server for the branch.

    The delegated user don't have the same right to filesystem as Domain Admin's have.
    Can I solve this ?
    Or do I need to explicitly add the user to the ACL's ?


    Normally on a file server, my top folder holding the shares would have the following access rights:
    SYSTEM: full control
    server\Administrators: full control

    but since this is a RODC it have to be
    SYSTEM: full control
    domain\Administrators: full control

    The delegated user is memember of the local Administrators group, but this can not be selected as a security principal.

    Best regards,
    • Edited by Duelund Tuesday, September 20, 2011 9:26 AM
    Tuesday, September 20, 2011 9:26 AM


  • Hi,

    As the user is not a member if domain admin group, it will not have permission to access the folders you only shared to domain\administrators. It did not related to delegate.

    So if the account cannot be added to domain admin group, add the user account or create a group for this kind of accounts and add the group to permission list.


    TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tnmff@microsoft.com.
    Thursday, September 22, 2011 2:47 AM