The easiest way of figuring out what rights you need to do anything on a member server, AD, service right delegation etc, etc, is to turn on auditing on success/failure and try what you're doing again. Read the security event log, and the rights that are missing are exposed in the failure log. This allows you to isolate the rights/special rights or ACL's required to accomplish your task. You'll see some interesting changes between win2k/win2k3 as some things have become simpler, e.g. only three delegated object rights needed to delegate Authorise DHCP, or one special right on the domain object to allow use of SidHistory, etc. But I digress....
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC Sent: 27 July 2004 11:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and printer admins That lets them modify current printers yes. But not create new ones. Which is my dilemma. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Tuesday, July 27, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and printer admins Make an OU for desktop support ....add users there.... In printer properties....security tab add OU there and give full rights... Never tried but guess that's the way. Gr J -----Oorspronkelijk bericht----- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Cothern Jeff D. Team EITC Verzonden: dinsdag 27 juli 2004 22:21 Aan: [EMAIL PROTECTED] Onderwerp: [ActiveDir] AD and printer admins Is there a way within AD and other security settings to allow a Desktop Support section the ability to create and maintain printers without putting them into the local admin group on the servers. Currently we are not using the Printers OU for AD. The printers are added the old way thru the add printer wizard. Jeff List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
