Hey Ulf - can you just script it?
joe
Hi there,
I have a customer
who where we implemented the least permissions necessary for each group
fulfilling administrative tasks. One of those tasks is that they are
required that just a small group has the permissions to grant RAS
permissions, and every useraccount is forced to be called back to a
previously set number. To scale that solution better, the user-helpdesk
should be able to change the callback-number, but they are not allowed to do
anything else in the RAS-Permissions.
Those are the requirements.
Point.
Couple month ago I discovered some bugs in the ADUC Dial-In Tab.
After installing a hotfix that allows non-administrator accounts to see the
dialin-tab and figuring out that I need to set the permissions for the
helpdesk for the msRadiusCallbackNumber and the userProperties
attributes I figured that there's an additional bug in the tab: the
helpdesk is now able to change the Callback-Number in the interface,
however as soon as they click on Apply or OK there's an error that the
rights are not sufficient.
This is a bug, which is verified by
Microsoft.
The only way to delegate the permissions on the RAS Tab - due
to the bug - is to grant the group full permissions on everything of the
RAS-Tab. This is not acceptable in our case.
Now comes why I'm
posting:
We have a open call at PSS, already did a CDCR and political
impact, but MS told us that they think it's not a option requested by
customers and they need at least another customer with that requirement to
fix that. I do not believe that we are the only ones with that request -
however I do believe that those out there who had a request like that
stopped early in the process instead of going the way through.
So if
anyone of you knows a company which has those requirements and would like to
have that fixed, contact me asap to see if we are able to get that fixed. As
far as I was told from PSS they'd like to get that fixed too but are unable
to assign developer-resources for it if it's not requested by the
market.
This issue bugs me since the beginning of the year
:-(
Gruesse -
Sincerely,
Ulf B.
Simon-Weidner
|