On news groups I see lots of discussion centering around granting admin access
to DNS services. This is usually couched in an arguement about whether unix
admins should or should not have admin access to the DNS service. If you do
that, you give them admin access to everything. What you can do is give the DNS
admins the right to start / stop the DNS services through Group Policy objects.
Open the GPO for the server's container:
- Computer Configuration
- Windows Settings
- Security Settings
- System Services
- DNS Server
- check Define this policy setting
- click the Edit Security button.
can set security for the service, specifically which group or users have the
right to start/stop/pause the service. Delegation of authority is the
fundamental advance W2K has over NT.