By default, in Active Directory forest, users who have authority to authorize a DHCP server must be members of the "Enterprise Admins" group.
To grant this right to another group of one of the forest domains, proceed as follows:
1. Create a group in the necessary subdomain, for the members of which we further delegate the necessary rights to authorize the DHCP server. When creating, specify the parameters: Global, Security.
2. Further actions are performed under the administrators who are members of the "Enterprise Admins" group. Open the ADSI Edit snap-in. Switch to the "Configuration" context.
3. Go to "CN=Services->CN=NetServices". Right-click and select "Properties" from the menu. Switch to the "Security" tab and click "Advanced". Add us the created group "DHCP Administrators" from the necessary domain in the field "Principal". "Applies to" set to "This object only". In the "Permissions" field uncheck all boxes and select only "Create dHCPClass objects" and "Delete dHCPClass objects". Close all windows by clicking "OK" to save the settings.
To grant this right to another group of one of the forest domains, proceed as follows:
1. Create a group in the necessary subdomain, for the members of which we further delegate the necessary rights to authorize the DHCP server. When creating, specify the parameters: Global, Security.
2. Further actions are performed under the administrators who are members of the "Enterprise Admins" group. Open the ADSI Edit snap-in. Switch to the "Configuration" context.
3. Go to "CN=Services->CN=NetServices". Right-click and select "Properties" from the menu. Switch to the "Security" tab and click "Advanced". Add us the created group "DHCP Administrators" from the necessary domain in the field "Principal". "Applies to" set to "This object only". In the "Permissions" field uncheck all boxes and select only "Create dHCPClass objects" and "Delete dHCPClass objects". Close all windows by clicking "OK" to save the settings.
No comments:
Post a Comment