Grant DNS admin start / stop service rights

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

On news groups I see lots of discussion centering around granting admin access to DNS services. This is usually couched in an arguement about whether unix admins should or should not have admin access to the DNS service. If you do that, you give them admin access to everything. What you can do is give the DNS admins the right to start / stop the DNS services through Group Policy objects. Open the GPO for the server's container:
  • Computer Configuration
  • Windows Settings
  • Security Settings
  • System Services
  • DNS Server
  • check Define this policy setting
  • click the Edit Security button.
There you can set security for the service, specifically which group or users have the right to start/stop/pause the service. Delegation of authority is the fundamental advance W2K has over NT.

Featured Links