Unfortunately, limiting RDP access to a single server won't help - the DHCP MMC will let him manage any other DHCP server and scope.
Malcolm -----Original Message----- From: Cameron Cooper [mailto:ccoo...@aurico.com] Sent: Monday, 26 January, 2009 07:52 To: NT System Admin Issues Subject: RE: Can we limit administration to One DHCP server in a domain? Jay, You can install DHCP on a member sever, however you will need to setup one server with a set scope (ie. 192.168.4.1 to 192.168.4.50) and another with a different scope. The reason behind this is that each computer will grab an IP from the DHCP server, and if you have two servers running DHCP the computers won't know where to grab the IP from. As far as just setting him up to one DHCP server... I don't know if this can be done. You could set him up with the DHCP Admin account and then only allow him to access the one server by setting up RDP with permissions. On the other servers you could deny him access to those with RDP. _______________________________ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021 Fax: 847-255-1896 ccoo...@aurico.com -----Original Message----- From: Jay Kulsh [mailto:a...@kulsh.com] Sent: Monday, January 26, 2009 4:41 AM To: NT System Admin Issues Subject: Can we limit administration to One DHCP server in a domain? We have many sites in Winows 2003 domain with DHCP server running on a DC on each site. We would like a user (who is not a member of Domain Admins group) to administer only one DHCP server -- on his site. However, making him a member of DHCP administrators group gives him rights on all DHCP servers and DHCP users group can only view configuration of these servers. Perhaps, installing DHCP on a member server is a solution, but can this be achieved while keeping DHCP servers on DCs? Thanks. Jay Kulsh iLAN So. Pasadena, CA ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient. Any review, use, distribution, or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~