
Permissions/Rights to run RIS/CIW

Anonymous
December 8, 2004 1:11:04 PM

Archived from groups: microsoft.public.win2000.setup_deployment

Scenario:

I need to create an account that can successfully launch RIS/CIW, but have
no other admin rights whatsoever!

Setup:

Windows 2000 (native). I PXE boot to CIW.

Issue:

I have read some articles regarding this. Most say give the user 'Create
Computer Object' rights on the folder/OU containing (or will contain) the
computer account. No Dice!

I have also tried to 'Delegate Control' to a user, which I read in another
article. Still No Dice! In both scenarios, I receive an error saying "The user
<user> does not have permission to create or modify computer account".

Can someone point me in the right direction, or better yet if you have the
answer TELL ME ;-)

Seriously, any help is appreciated. Let me know if you need any more info.

Thanks,
Martski
Anonymous
December 8, 2004 11:07:37 PM

Archived from groups: microsoft.public.win2000.setup_deployment

The user needs to have the below minimal permissions on the OU (or
container) that you have specified in the RIS Server config (default
is the users container).

(child objects)

Create Computer objects
Delete Computer objects

(computer objects)

Read All Properties
Write All Properties
Read Permissions
Modify Permissions
Change Password
Reset Password
Validated write to DNS host name
Validated write to service principal name


I do recommend you create another OU (example: workstations) and
configure RIS to create the computer accounts in that OU.

regards
Johan Arwidmark

Windows User Group - Nordic
http://www.wug-nordic.net


On Wed, 8 Dec 2004 10:11:04 -0800, "Martski"
<Martski@discussions.microsoft.com> wrote:

>Scenario:
>
>I need to create an account that can successfully launch RIS/CIW, but have
>no other admin rights whatsoever!
>
>Setup:
>
>Windows 2000 (native). I PXE boot to CIW.
>
>Issue:
>
>I have read some articles regarding this. Most say give the user 'Create
>Computer Object' rights on the folder/OU containing (or will contain) the
>computer account. No Dice!
>
>I have also tried to 'Delegate Control' to a user, which I read in another
>article. Still No Dice! In both scenarios, I receive an error saying "The user
><user> does not have permission to create or modify computer account".
>
>Can someone point me in the right direction, or better yet if you have the
>answer TELL ME ;-)
>
>Seriously, any help is appreciated. Let me know if you need any more info.
>
>Thanks,
>Martski
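
The permission list in the reply above, expressed as `dsacls` grants scoped to a single OU. This is an added example, not part of either post: the OU distinguished name and the account name are placeholders, and the mapping from each permission name to a `dsacls` permission code is this example's own. It assumes `dsacls.exe` (Support Tools / RSAT) is on the path.

```powershell
# Added example: the two values below are placeholders, not taken from the thread.
$TargetOU = 'OU=Workstations,DC=example,DC=com'   # OU that RIS is configured to use
$Trustee  = 'EXAMPLE\ris-installer'               # unprivileged account that runs CIW

# ACE on the OU and its sub-containers: create/delete child objects of class computer.
$ouAces = @(
    'CCDC;computer'                                   # Create + Delete Computer objects
)

# ACEs inherited only by computer objects under the OU (granted with /I:S),
# so the account gets no rights over users, groups or the OU object itself.
$computerAces = @(
    'RP;;computer',                                            # Read All Properties
    'WP;;computer',                                            # Write All Properties
    'RC;;computer',                                            # Read Permissions
    'WD;;computer',                                            # Modify Permissions
    'CA;Change Password;computer',                             # Change Password
    'CA;Reset Password;computer',                              # Reset Password
    'WS;Validated write to DNS host name;computer',
    'WS;Validated write to service principal name;computer'
)

function Grant-Ace {
    param([string]$Inherit, [string]$Ace)
    # dsacls <object> /I:<T|S> /G <trustee>:<perms>;<property>;<inherited object type>
    & dsacls.exe $TargetOU "/I:$Inherit" /G "${Trustee}:$Ace" | Out-Null
    # Stop on the first grant that does not return a zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls did not apply '$Ace' (exit code $LASTEXITCODE)"
    }
}

foreach ($ace in $ouAces)       { Grant-Ace -Inherit 'T' -Ace $ace }
foreach ($ace in $computerAces) { Grant-Ace -Inherit 'S' -Ace $ace }

# Review step: list only the ACEs that now name the delegated account.
& dsacls.exe $TargetOU | Select-String -SimpleMatch $Trustee
```

Running the final `dsacls` listing against any other OU should show no entries for the account, which confirms the delegation stayed confined to the RIS target OU.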