none
DirectAccess - Reporting Delegation RRS feed

  • Question

  • Hi,

    I thought this would be a nice easy one. How can I give somebody access to just the reporting part of DirectAccess if they have the Remote Access Management MMC installed/enabled on their client?

    Thanks!


    Monday, July 30, 2018 1:46 PM

Answers

  • I don't think there is a way to accomplish quite what you are looking for. The RAMC won't open at all unless the user opening it has at least read rights to the GPOs, so there is always that consideration. Then the Reporting section pulls data from the WID (in almost all cases, unless you set it up for RADIUS logging) on the local DA server itself, so permissions are needed there as well.

    What would probably be easier is to script out the pulling of that data via PowerShell, so you can run the script by whatever permissions you wanted, and have the data dumped somewhere your user could then manipulate it. For example, here is a command that will pull out DA Reporting information for a particular date range and dump it into a CSV that can then be edited/filtered inside Excel:

    Get-RemoteAccessConnectionStatistics –StartDateTime "1 November 2017 12:00" –EndDateTime "14 November 2017 12:00" | Export-Csv –Path "C:\Temp\DA.csv"

    • Marked as answer by Lanky Doodle Thursday, August 2, 2018 9:57 AM
    Monday, July 30, 2018 5:13 PM

All replies

  • I don't think there is a way to accomplish quite what you are looking for. The RAMC won't open at all unless the user opening it has at least read rights to the GPOs, so there is always that consideration. Then the Reporting section pulls data from the WID (in almost all cases, unless you set it up for RADIUS logging) on the local DA server itself, so permissions are needed there as well.

    What would probably be easier is to script out the pulling of that data via PowerShell, so you can run the script by whatever permissions you wanted, and have the data dumped somewhere your user could then manipulate it. For example, here is a command that will pull out DA Reporting information for a particular date range and dump it into a CSV that can then be edited/filtered inside Excel:

    Get-RemoteAccessConnectionStatistics –StartDateTime "1 November 2017 12:00" –EndDateTime "14 November 2017 12:00" | Export-Csv –Path "C:\Temp\DA.csv"

    • Marked as answer by Lanky Doodle Thursday, August 2, 2018 9:57 AM
    Monday, July 30, 2018 5:13 PM
  • Jordan is correct. There's no native way to delegate permissions at all with the DirectAccess GUI, unfortunately. Anyone who opens the Remote Access Management console must have full permissions on the DirectAccess server and client settings GPOs in Active Directory and be a member of the local administrators group on the DirectAccess server.

    It is possible to delegate permissions to designated users with customer PowerShell endpoints though. If something like that interests you, reach out to me directly and I can provide you with some sample code if you like. :)

    Sunday, August 5, 2018 12:41 AM