Sign in with
Sign up | Sign in
Your question

branch office administrator

Last response: in Windows 2000/NT
Share
Anonymous
January 16, 2005 10:42:20 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a client that has 25 branch locations. we are in the process of
upgrading and bringing nearly all of these online and setup under one domain
(DC/GC housed at each office with separate sites defined for each physical
location with some sort of high speed connection between 384 Kb/s and 3.0
Mb/s at each location with a VPN link back to corporate). Most of the sites
only have between 5-15 users.

The plant manager is complaining at one location that was brought online
this last week, because the former "IT Guy" that took care of their
equipment is a friend of his and he doesn't want him to stop doing their
work. We work for the corporate office so he doesn't have much choice/say
over most of this, but he has managed to get corporate to give him
permission to give full administrative rights over the computers and server
at the location to his buddy the "IT Guy"

As I said, the server is a DC and GC (2003 native mode) so I can't justgive
him local admin rights to the server.

What is the best way to give him administrative control over the server, and
user accounts/computer accounts, without compromising security on the rest
of the network? (all objects in AD that pertain to the location are housed
in or under a OU, except for the Server which is obviously in the Domain
Controllers OU, I have already ran the delegate permission wizard in AD for
that OU.)??

Thanks in advance...

Brian
Anonymous
January 16, 2005 11:36:40 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Have you taken a look at the Delegation Wizard?

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Brian Higgins" <brian@-NO-accentconsulting-SPAM-.com> wrote in message
news:%23XtnV1C$EHA.3124@TK2MSFTNGP11.phx.gbl...
>I have a client that has 25 branch locations. we are in the process of
>upgrading and bringing nearly all of these online and setup under one
>domain (DC/GC housed at each office with separate sites defined for each
>physical location with some sort of high speed connection between 384 Kb/s
>and 3.0 Mb/s at each location with a VPN link back to corporate). Most of
>the sites only have between 5-15 users.
>
> The plant manager is complaining at one location that was brought online
> this last week, because the former "IT Guy" that took care of their
> equipment is a friend of his and he doesn't want him to stop doing their
> work. We work for the corporate office so he doesn't have much choice/say
> over most of this, but he has managed to get corporate to give him
> permission to give full administrative rights over the computers and
> server at the location to his buddy the "IT Guy"
>
> As I said, the server is a DC and GC (2003 native mode) so I can't
> justgive him local admin rights to the server.
>
> What is the best way to give him administrative control over the server,
> and user accounts/computer accounts, without compromising security on the
> rest of the network? (all objects in AD that pertain to the location are
> housed in or under a OU, except for the Server which is obviously in the
> Domain Controllers OU, I have already ran the delegate permission wizard
> in AD for that OU.)??
>
> Thanks in advance...
>
> Brian
>
!