Permissions/Rights to run RIS/CIW

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Scenerio:

I need to create an account that can successfully launch RIS/CIW, but have
no other admin rights whatsoever!

Setup:

Windows 2000 (native). I pxe boot to CIW.

Issue:

I have read some articles regarding this. Most say give the user 'Create
Computer Object' rights on the folder/OU containing (or will contain) the
computer account. No Dice!

I have also tried to 'Delegate Control' to a user, which I read in another
article. Still No Dice! In both scenerios, I recive an error saying "The user
<user> does not have permission to create or modify computer account".

Can someone point me in the right direction, or better yet if you have the
answer TELL ME ;-)

Seriously, any help is appreciated. Let me know if you need any more info.

Thanks,
Martski
1 answer Last reply
More about permissions rights
  1. Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

    The user need to have the below minimal permissions on the OU (or
    container) that you have specified in the RIS Server config (default
    is the users container).

    (child objects)

    Create Computer objects
    Delete Computer objects

    (computer objects)

    Read All Properties
    Write All Properties
    Read Permissions
    Modify Permissions
    Change Password
    Reset Password
    Validated write to DNS host name
    Validated write to service principal name


    I do recommend you create another OU (example: workstations) and
    configure RIS to create the computer accounts in that OU.

    regards
    Johan Arwidmark

    Windows User Group - Nordic
    http://www.wug-nordic.net


    On Wed, 8 Dec 2004 10:11:04 -0800, "Martski"
    <Martski@discussions.microsoft.com> wrote:

    >Scenerio:
    >
    >I need to create an account that can successfully launch RIS/CIW, but have
    >no other admin rights whatsoever!
    >
    >Setup:
    >
    >Windows 2000 (native). I pxe boot to CIW.
    >
    >Issue:
    >
    >I have read some articles regarding this. Most say give the user 'Create
    >Computer Object' rights on the folder/OU containing (or will contain) the
    >computer account. No Dice!
    >
    >I have also tried to 'Delegate Control' to a user, which I read in another
    >article. Still No Dice! In both scenerios, I recive an error saying "The user
    ><user> does not have permission to create or modify computer account".
    >
    >Can someone point me in the right direction, or better yet if you have the
    >answer TELL ME ;-)
    >
    >Seriously, any help is appreciated. Let me know if you need any more info.
    >
    >Thanks,
    >Martski
Ask a new question

Read More

Computers Permissions Windows