| Author |
Message |
Allan Tee External

Since: Nov 09, 2005 Posts: 6
|
Posted: Wed Nov 09, 2005 1:43 am Post subject: Delegate remote access permission Archived from groups: microsoft>public>win2000>active_directory |
|
|
|
| I want to delegate granting/denying of dialin access to our helpdesk. I
enabled Read/Write Remote Access Information on the specific OU and made a
custom MMC and distributed it to my helpdesk. The helpdesk can tick/untick grant
dialin access but when clicking OK it says access is denied. What additional
right do I have to tick to make this work? Thanks!
|
|
|
|
 |
Jorge_de_Almeida_Pinto

Joined: Jun 20, 2005 Posts: 358
|
Posted: Wed Nov 09, 2005 4:03 pm Post subject: Re: Delegate remote access permission |
|
|
On one of the DCs, open up the file DSSEC.DAT (located in C:\WINDOWS\system32)
search for msNPAllowDialin=
change the 7 into a 0 (zero), save the file
re-open Active Directory Users and Computers on that same DC. Start the delegation of control wizard
choose as the object type: user objects
for permissions select: general and property specific
select READ/WRITE msNPAllowDialin
You're done. The helpdesk people should now be able to select allow or deny or through remote access policies DIALIN on the dialin TAB
good luck |
|
|
 |
Allan Tee External

Since: Nov 09, 2005 Posts: 6
|
Posted: Tue Jan 03, 2006 4:19 pm Post subject: Re: Delegate remote access permission Archived from groups: per prev. post |
|
|
Hi Jorge, thanks for the reply! However, I wasn't able to locate the READ/WRITE
msNPAllowDialin you were referring to after editing
%windir%\system32\dssec.dat. I attach here the list to prove there is no
msNPAllowDialin:
Full Control
Read
Write
Create All Child Objects
Delete All Child Objects
Read All Properties
Write All Properties
Change Password
Reset Password
Read and write General Information
Read and write Account Restrictions
Read and write Logon Information
Read and write Group Membership
Read and write Personal Information
Read and write Phone and Mail Options
Read and write Web Information
Read and write Public Information
Read and write Remote Access Information
Allowed to Authenticate
Receive As
Send As
Read accountExpires
Write accountExpires
Read accountNameHistory
Write accountNameHistory
Read adminDescription
Write adminDescription
Read adminDisplayName
Write adminDisplayName
Read Alias
Write Alias
Read altRecipient
Write altRecipient
Read altRecipientBL
Write altRecipientBL
Read altSecurityIdentities
Write altSecurityIdentities
Read Assistant
Write Assistant
Read attributeCertificate
Write attributeCertificate
Read attributeCertificateAttribute
Write attributeCertificateAttribute
Read audio
Write audio
Read authOrig
Write authOrig
Read authOrigBL
Write authOrigBL
Read autoReply
Write autoReply
Read businessCategory
Write businessCategory
Read businessRoles
Write businessRoles
Read carLicense
Write carLicense
Read Comment
Write Comment
Read Company
Write Company
Read Custom Attribute 1
Write Custom Attribute 1
Read Custom Attribute 10
Write Custom Attribute 10
Read Custom Attribute 11
Write Custom Attribute 11
Read Custom Attribute 12
Write Custom Attribute 12
Read Custom Attribute 13
Write Custom Attribute 13
Read Custom Attribute 14
Write Custom Attribute 14
Read Custom Attribute 15
Write Custom Attribute 15
Read Custom Attribute 2
Write Custom Attribute 2
Read Custom Attribute 3
Write Custom Attribute 3
Read Custom Attribute 4
Write Custom Attribute 4
Read Custom Attribute 5
Write Custom Attribute 5
Read Custom Attribute 6
Write Custom Attribute 6
Read Custom Attribute 7
Write Custom Attribute 7
Read Custom Attribute 8
Write Custom Attribute 8
Read Custom Attribute 9
Write Custom Attribute 9
Read deletedItemFlags
Write deletedItemFlags
Read delivContLength
Write delivContLength
Read deliverAndRedirect
Write deliverAndRedirect
Read deliveryMechanism
Write deliveryMechanism
Read delivExtContTypes
Write delivExtContTypes
Read Department
Write Department
Read departmentNumber
Write departmentNumber
Read Description
Write Description
Read desktopProfile
Write desktopProfile
Read Direct Reports
Write Direct Reports
Read Display Name
Write Display Name
Read Division
Write Division
Read dLMemDefault
Write dLMemDefault
Read dLMemRejectPerms
Write dLMemRejectPerms
Read dLMemRejectPermsBL
Write dLMemRejectPermsBL
Read dLMemSubmitPerms
Write dLMemSubmitPerms
Read dLMemSubmitPermsBL
Write dLMemSubmitPermsBL
Read dnQualifier
Write dnQualifier
Read E-Mail Address (Others)
Write E-Mail Address (Others)
Read Employee ID
Write Employee ID
Read employeeNumber
Write employeeNumber
Read employeeType
Write employeeType
Read enabledProtocols
Write enabledProtocols
Read Exchange Home Server
Write Exchange Home Server
Read Exchange Mailbox Store
Write Exchange Mailbox Store
Read expirationTime
Write expirationTime
Read extensionData
Write extensionData
Read Fax Number
Write Fax Number
Read Fax Number (Others)
Write Fax Number (Others)
Read First Name
Write First Name
Read formData
Write formData
Read forwardingAddress
Write forwardingAddress
Read groupMembershipSAM
Write groupMembershipSAM
Read heuristics
Write heuristics
Read Home Address
Write Home Address
Read Home Drive
Write Home Drive
Read Home Folder
Write Home Folder
Read Home Phone
Write Home Phone
Read Home Phone Number (Others)
Write Home Phone Number (Others)
Read homeMTA
Write homeMTA
Read houseIdentifier
Write houseIdentifier
Read ILS Settings
Write ILS Settings
Read importedFrom
Write importedFrom
Read Initials
Write Initials
Read Instant Messaging Address
Write Instant Messaging Address
Read Instant Messaging Home Server URL
Write Instant Messaging Home Server URL
Read Instant Messaging URL
Write Instant Messaging URL
Read International ISDN Number (Others)
Write International ISDN Number (Others)
Read internetEncoding
Write internetEncoding
Read IP Phone Number
Write IP Phone Number
Read IP Phone Number (Others)
Write IP Phone Number (Others)
Read Job Title
Write Job Title
Read jpegPhoto
Write jpegPhoto
Read kMServer
Write kMServer
Read labeledURI
Write labeledURI
Read language
Write language
Read languageCode
Write languageCode
Read lastLogonTimestamp
Write lastLogonTimestamp
Read lockoutTime
Write lockoutTime
Read Logon Name
Write Logon Name
Read Logon Name (pre-Windows 2000)
Write Logon Name (pre-Windows 2000)
Read Logon Workstations
Write Logon Workstations
Read logonHours
Write logonHours
Read logonWorkstation
Write logonWorkstation
Read Manager
Write Manager
Read mAPIRecipient
Write mAPIRecipient
Read mDBOverHardQuotaLimit
Write mDBOverHardQuotaLimit
Read mDBOverQuotaLimit
Write mDBOverQuotaLimit
Read mDBStorageQuota
Write mDBStorageQuota
Read mDBUseDefaults
Write mDBUseDefaults
Read Member Of
Write Member Of
Read Middle Name
Write Middle Name
Read Mobile Number
Write Mobile Number
Read Mobile Number (Others)
Write Mobile Number (Others)
Read mS-DS-CreatorSID
Write mS-DS-CreatorSID
Read msCOM-PartitionSetLink
Write msCOM-PartitionSetLink
Read msCOM-UserLink
Write msCOM-UserLink
Read msCOM-UserPartitionSetLink
Write msCOM-UserPartitionSetLink
Read msDRM-IdentityCertificate
Write msDRM-IdentityCertificate
Read msDS-AllowedToDelegateTo
Write msDS-AllowedToDelegateTo
Read msDS-Approx-Immed-Subordinates
Write msDS-Approx-Immed-Subordinates
Read msDS-Cached-Membership
Write msDS-Cached-Membership
Read msDS-Cached-Membership-Time-Stamp
Write msDS-Cached-Membership-Time-Stamp
Read msDS-KeyVersionNumber
Write msDS-KeyVersionNumber
Read msDs-masteredBy
Write msDs-masteredBy
Read msDS-MembersForAzRoleBL
Write msDS-MembersForAzRoleBL
Read msDS-NCReplCursors
Write msDS-NCReplCursors
Read msDS-NCReplInboundNeighbors
Write msDS-NCReplInboundNeighbors
Read msDS-NCReplOutboundNeighbors
Write msDS-NCReplOutboundNeighbors
Read msDS-NonMembersBL
Write msDS-NonMembersBL
Read msDS-ObjectReferenceBL
Write msDS-ObjectReferenceBL
Read msDS-OperationsForAzRoleBL
Write msDS-OperationsForAzRoleBL
Read msDS-OperationsForAzTaskBL
Write msDS-OperationsForAzTaskBL
Read msDS-ReplAttributeMetaData
Write msDS-ReplAttributeMetaData
Read msDS-ReplValueMetaData
Write msDS-ReplValueMetaData
Read msDS-Site-Affinity
Write msDS-Site-Affinity
Read msDS-TasksForAzRoleBL
Write msDS-TasksForAzRoleBL
Read msDS-TasksForAzTaskBL
Write msDS-TasksForAzTaskBL
Read msDS-User-Account-Control-Computed
Write msDS-User-Account-Control-Computed
Read name
Write name
Read Name
Write Name
Read Notes
Write Notes
Read objectSid
Write objectSid
Read otherLoginWorkstations
Write otherLoginWorkstations
Read Outlook Web Access Server
Write Outlook Web Access Server
Read ownerBL
Write ownerBL
Read Pager Number
Write Pager Number
Read Pager Number (Others)
Write Pager Number (Others)
Read personalPager
Write personalPager
Read Phone Number (Others)
Write Phone Number (Others)
Read photo
Write photo
Read pOPCharacterSet
Write pOPCharacterSet
Read pOPContentFormat
Write pOPContentFormat
Read Post Office Box
Write Post Office Box
Read postalAddress
Write postalAddress
Read preferredLanguage
Write preferredLanguage
Read profilePath
Write profilePath
Read protocolSettings
Write protocolSettings
Read publicDelegates
Write publicDelegates
Read publicDelegatesBL
Write publicDelegatesBL
Read pwdLastSet
Write pwdLastSet
Read replicatedObjectVersion
Write replicatedObjectVersion
Read replicationSensitivity
Write replicationSensitivity
Read replicationSignature
Write replicationSignature
Read roomNumber
Write roomNumber
Read scriptPath
Write scriptPath
Read secretary
Write secretary
Read securityProtocol
Write securityProtocol
Read serialNumber
Write serialNumber
Read street
Write street
Read Street Address
Write Street Address
Read structuralObjectClass
Write structuralObjectClass
Read submissionContLength
Write submissionContLength
Read supportedAlgorithms
Write supportedAlgorithms
Read targetAddress
Write targetAddress
Read Telephone Number
Write Telephone Number
Read telephoneAssistant
Write telephoneAssistant
Read thumbnailLogo
Write thumbnailLogo
Read thumbnailPhoto
Write thumbnailPhoto
Read Title
Write Title
Read tokenGroupsGlobalAndUniversal
Write tokenGroupsGlobalAndUniversal
Read uid
Write uid
Read unauthOrig
Write unauthOrig
Read unauthOrigBL
Write unauthOrigBL
Read unmergedAtts
Write unmergedAtts
Read userAccountControl
Write userAccountControl
Read userCert
Write userCert
Read userCertificate
Write userCertificate
Read userParameters
Write userParameters
Read userPKCS12
Write userPKCS12
Read userSharedFolder
Write userSharedFolder
Read userSharedFolderOther
Write userSharedFolderOther
Read versionNumber
Write versionNumber
Read Web Page Address
Write Web Page Address
Read x500uniqueIdentifier
Write x500uniqueIdentifier
Read ZIP/Postal Code
Write ZIP/Postal Code |
|
|
 |
Jorge de Almeida Pinto External

Since: Dec 15, 2005 Posts: 106
|
Posted: Wed Jan 04, 2006 8:55 am Post subject: Re: Delegate remote access permission Archived from groups: per prev. post |
|
|
Yes there is...
I guess you changed the msNPAllowDialin option under [computer]. You should
change it under [user].
Open up %windir%\system32\dssec.dat again... search for it, change the
computer option back to its original value and the user option this time,
and try again.
Create a custom task for USER specific objects.
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"Allan Tee" <AllanTee DeleteThis @discussions.microsoft.com> wrote in message
news:26DE55E8-80EA-4D89-8EC5-C2D6E58F25D3@microsoft.com...
> hi jorge thanks for the reply! however i wasnt able to locate the
> READ/WRITE
> msNPAllowDialin you were referring to after editing
> %windir%\system32\dssec.dat. i attach here the list to prove there is no
> msNPAllowDialin
>
> |
|
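The mix-up diagnosed in the reply above (msNPAllowDialin edited under [computer] instead of [user]) can be checked mechanically. This is an added example, not code from the thread or from Microsoft: it assumes dssec.dat is INI-style text with `[class]` sections and `attribute=value` lines, and that 7 is the original value and 0 the edited one, as the first reply states; `SAMPLE` and all function names are constructed for illustration.

```python
import re

ATTR = "msNPAllowDialin"   # attribute discussed in the thread
TARGET = "user"            # section the reply says must be edited
HIDDEN, SHOWN = "7", "0"   # from the first reply: "change the 7 into a 0"

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")

# Constructed sample (not a copy of a real dssec.dat): the state described in
# the thread, where the edit landed under [computer] instead of [user].
SAMPLE = """\
[computer]
badPwdCount=7
msNPAllowDialin=0

[user]
badPwdCount=7
msNPAllowDialin=7
"""


def entries(text):
    """Yield (line_index, section, key, value) for each key=value line."""
    section = None
    for index, raw in enumerate(text.splitlines()):
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip().lower()
        elif section is not None and "=" in line:
            key, _, value = line.partition("=")
            yield index, section, key.strip().lower(), value.strip()


def filter_states(text, attribute=ATTR):
    """Map every section that lists the attribute to its raw filter value."""
    wanted = attribute.lower()
    return {sec: val for _, sec, key, val in entries(text) if key == wanted}


def diagnose(text, target=TARGET, attribute=ATTR):
    """Report whether the target section was edited and which others were."""
    states = filter_states(text, attribute)
    return {
        "states": states,
        # True only when the [user] entry carries the edited value.
        "target_visible": states.get(target) == SHOWN,
        # Sections edited by mistake, to be put back to the original value.
        "revert": sorted(s for s, v in states.items()
                         if s != target and v == SHOWN),
    }


def corrected(text, target=TARGET, attribute=ATTR):
    """Return text with the target entry set to 0 and stray edits set to 7.

    Assumption: the original value of a mistakenly edited entry was 7.
    Entries holding any other value are left untouched.
    """
    lines = text.splitlines()
    wanted = attribute.lower()
    for index, section, key, value in entries(text):
        if key != wanted:
            continue
        name = lines[index].partition("=")[0]  # keep the file's own spelling
        if section == target:
            lines[index] = f"{name}={SHOWN}"
        elif value == SHOWN:
            lines[index] = f"{name}={HIDDEN}"
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("before:", diagnose(SAMPLE))
    print("after: ", diagnose(corrected(SAMPLE)))
```

Run it against a copy of the file rather than the live one, and compare `diagnose()` output before and after any manual edit.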
|
 |
Allan Tee External

Since: Nov 09, 2005 Posts: 6
|
Posted: Wed Jan 04, 2006 8:55 am Post subject: Re: Delegate remote access permission Archived from groups: per prev. post |
|
|
Hi Jorge,
you are right, I changed the msNPAllowDialin option under [computer] instead
of the [user] section. I was able to delegate Read/Write msNPAllowDialin to
my helpdesk for a particular OU. Will have them test it out and reply here
about the result. Hope it works! Thanks very much!
"Jorge de Almeida Pinto" wrote:
> Yes there is...
> I guess you changed the msNPAllowDialin option under [computer]. You should
> change it under [user]
>
> open up %windir%\system32\dssec.dat again... search for it change the
> computer option back to its original value and the user option this time
> and try again.
>
> create a custom tasks for USER specific objects
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
> # Jorge de Almeida Pinto #
> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
> -----------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test before implementing!
> ----------------------------------------------------------------------------- |
|
|
 |
Allan Tee External

Since: Nov 09, 2005 Posts: 6
|
Posted: Mon Feb 06, 2006 5:06 pm Post subject: Re: Delegate remote access permission Archived from groups: per prev. post |
|
|
Hi Jorge, setting msNPAllowDialin still didn't grant our helpdesk right to
grant/deny dialin access via ADUC. Just to let you and others know. Thanks!
"Allan Tee" wrote:
> hi jorge,
>
> you are right i changed the msNPAllowDialin option under [computer] instead
> of the [user] section. i was able to delegate Read/Write msNPAllowDialin to
> my helpdesk for a particular OU. will have them test it out and reply here
> about the result. hope it works! thanks very much!
>
> "Jorge de Almeida Pinto" wrote:
>
> > Yes there is...
> > I guess you changed the msNPAllowDialin option under [computer]. You should
> > change it under [user]
> >
> > open up %windir%\system32\dssec.dat again... search for it change the
> > computer option back to its original value and the user option this time
> > and try again.
> >
> > create a custom tasks for USER specific objects
> >
> > --
> >
> > Cheers,
> > (HOPEFULLY THIS INFORMATION HELPS YOU!)
> > # Jorge de Almeida Pinto #
> > BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
> > -----------------------------------------------------------------------------
> > * This posting is provided "AS IS" with no warranties and confers no rights!
> > * Always test before implementing!
> > -----------------------------------------------------------------------------
> |
|
|
 |
Jorge de Almeida Pinto [M External

Since: Jan 18, 2006 Posts: 273
|
Posted: Sun Feb 19, 2006 1:15 pm Post subject: Re: Delegate remote access permission Archived from groups: per prev. post |
|
|
I understand "it" does not work for you...
What do you mean with "setting msNPAllowDialin still didnt grant our
helpdesk right to grant/deny dialin access via ADUC"?
Explain what you have done.
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"Allan Tee" <AllanTee.RemoveThis@discussions.microsoft.com> wrote in message
news:4A015877-4F99-4175-8233-E4FCC2D43568@microsoft.com...
> hi jorge, setting msNPAllowDialin still didnt grant our helpdesk right to
> grant/deny dialin access via ADUC. just to let you and others know.
> thanks!
>
> "Allan Tee" wrote:
>
>> hi jorge,
>>
>> you are right i changed the msNPAllowDialin option under [computer]
>> instead
>> of the [user] section. i was able to delegate Read/Write msNPAllowDialin
>> to
>> my helpdesk for a particular OU. will have them test it out and reply
>> here
>> about the result. hope it works! thanks very much!
>>
>> "Jorge de Almeida Pinto" wrote:
>>
>> > Yes there is...
>> > I guess you changed the msNPAllowDialin option under [computer]. You
>> > should
>> > change it under [user]
>> >
>> > open up %windir%\system32\dssec.dat again... search for it change the
>> > computer option back to its original value and the user option this
>> > time
>> > and try again.
>> >
>> > create a custom tasks for USER specific objects
>> >
>> > --
>> >
>> > Cheers,
>> > (HOPEFULLY THIS INFORMATION HELPS YOU!)
>> > # Jorge de Almeida Pinto #
>> > BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> > -----------------------------------------------------------------------------
>> > * This posting is provided "AS IS" with no warranties and confers no
>> > rights!
>> > * Always test before implementing!
>> > -----------------------------------------------------------------------------
>> |
|
|
 |
Jorge de Almeida Pinto [M External

Since: Jan 18, 2006 Posts: 273
|
Posted: Sun Feb 19, 2006 4:00 pm Post subject: Re: Delegate remote access permission Archived from groups: per prev. post |
|
|
just tried it myself using aduc and it says:
Dial-in profile changes were not saved because: Access is denied
However, setting the attribute I mentioned through ADSIEDIT.MSC does work
I used W2K3 SP1
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots RemoveThis @gmail.com> wrote in message
news:%23JsYp4UNGHA.3832@tk2msftngp13.phx.gbl...
>I understand "it" does not work for you...
>
> what do you mean with "setting msNPAllowDialin still didnt grant our
> helpdesk right to
>> grant/deny dialin access via ADUC"
>
> explain what you have done
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>
> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
> -----------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no
> rights!
> * Always test before implementing!
> -----------------------------------------------------------------------------
>
>
> -----------------------------------------------------------------------------
> "Allan Tee" <AllanTee RemoveThis @discussions.microsoft.com> wrote in message
> news:4A015877-4F99-4175-8233-E4FCC2D43568@microsoft.com...
>> hi jorge, setting msNPAllowDialin still didnt grant our helpdesk right to
>> grant/deny dialin access via ADUC. just to let you and others know.
>> thanks!
>>
>> "Allan Tee" wrote:
>>
>>> hi jorge,
>>>
>>> you are right i changed the msNPAllowDialin option under [computer]
>>> instead
>>> of the [user] section. i was able to delegate Read/Write msNPAllowDialin
>>> to
>>> my helpdesk for a particular OU. will have them test it out and reply
>>> here
>>> about the result. hope it works! thanks very much!
>>>
>>> "Jorge de Almeida Pinto" wrote:
>>>
>>> > Yes there is...
>>> > I guess you changed the msNPAllowDialin option under [computer]. You
>>> > should
>>> > change it under [user]
>>> >
>>> > open up %windir%\system32\dssec.dat again... search for it change the
>>> > computer option back to its original value and the user option this
>>> > time
>>> > and try again.
>>> >
>>> > create a custom tasks for USER specific objects
>>> >
>>> > --
>>> >
>>> > Cheers,
>>> > (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>> > # Jorge de Almeida Pinto #
>>> > BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> > -----------------------------------------------------------------------------
>>> > * This posting is provided "AS IS" with no warranties and confers no
>>> > rights!
>>> > * Always test before implementing!
>>> > -----------------------------------------------------------------------------
>>>
>
> |
|
|
 |
Allan Tee External

Since: Nov 09, 2005 Posts: 6
|
Posted: Sun Feb 19, 2006 4:02 pm Post subject: Re: Delegate remote access permission Archived from groups: per prev. post |
|
|
Hi Jorge!
That is the exact error message I get via ADUC "changes were not saved
because: Access is denied"
Did you mean if you set msNPAllowDialin attribute via adsiedit.msc and when
you used ADUC to grant/deny dialin access it worked?
Thanks for following up on this!
"Jorge de Almeida Pinto [MVP]" wrote:
> just tried it myself using aduc and it says:
> Dial-in profile changes were not saved because: Access is denied
>
> However, setting the attribute I mentioned through ADSIEDIT.MSC does work
>
> I used W2K3 SP1
>
|
Jorge de Almeida Pinto [M External

Since: Jan 18, 2006 Posts: 273
|
Posted: Mon Feb 20, 2006 8:36 am Post subject: Re: Delegate remote access permission Archived from groups: per prev. post
|
|
Try it yourself...
Through ADSIEDIT I was able to set the attribute to true/false/not set
which corresponds to Allow Dial-in/Deny Dial-in/Through Policies
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"Allan Tee" <AllanTee.DeleteThis@discussions.microsoft.com> wrote in message
news:FDD090D8-0800-46DC-AD52-CA497CF882A8@microsoft.com...
> Hi Jorge!
>
> That is the exact error message I get via ADUC "changes were not saved
> because: Access is denied"
>
> Did you mean if you set the msNPAllowDialin attribute via adsiedit.msc and when
> you used ADUC to grant/deny dialin access it worked?
>
> Thanks for following up on this!
>
|
Allan Tee External

Since: Nov 09, 2005 Posts: 6
|
Posted: Mon Feb 20, 2006 8:36 am Post subject: Re: Delegate remote access permission Archived from groups: per prev. post
|
|
Hi Jorge.
I tried setting true/false/not set for NPAllowDialin attribute via Adsiedit.
However this will not work because our helpdesk needs to use mmc console to
remotely manage AD users. Thanks anyway!
"Jorge de Almeida Pinto [MVP]" wrote:
> Try it yourself...
>
> Through ADSIEDIT I was able to set the attribute to true/false/not set
> which corresponds to Allow Dial-in/Deny Dial-in/Through Policies
>
|
EricE External

Since: May 31, 2007 Posts: 1
|
Posted: Thu May 31, 2007 2:22 am Post subject: Re: Delegate remote access permission Archived from groups: per prev. post
|
|
Here are the steps I completed to do this. And yes, it works through
ADUC. The main thing I see missing from above is granting the
read/write userParameters right.

ManageDialin

Note: this model requires editing the C:\windows\system32\DSSEC.DAT
file on the DC that you are running ADUC on. See
http://support.microsoft.com/?id=296490 for more details. In short,
some of the rights that need to be delegated are filtered out from the
list by default. Edit the file so that these permissions are no longer
filtered (set them from 7 to 0):

1. Set the following values to 0 under the [user] area in the file (not
   under [computer]):
      msNPAllowDialin=0
      msNPCallingStationID=0
      msNPSavedCallingStationID=0
      msRADIUSCallbackNumber=0
      msRADIUSFramedIPAddress=0
      msRADIUSFramedRoute=0
      msRADIUSServiceType=0
      msRASSavedCallbackNumber=0
      msRASSavedFramedIPAddress=0
      msRASSavedFramedRoute=0
2. Save the file and then open ADUC / run the delegation wizard etc. as
   outlined below.
3. Specify the group to delegate to (DELG Group)
4. Select Create a custom task to delegate and select Next
5. Select Only the following objects in the folder
   a. User objects
6. Select Next
7. Select General and Property-specific under Show these permissions
8. Select "Read and Write Remote Access Information"
9. Select the Read and Write checkboxes for all of the following
   attributes:
      msNPAllowDialin
      msNPCallingStationID
      msNPSavedCallingStationID
      msRADIUSCallbackNumber
      msRADIUSFramedIPAddress
      msRADIUSFramedRoute
      msRADIUSServiceType
      msRASSavedCallbackNumber
      msRASSavedFramedIPAddress
      msRASSavedFramedRoute
      userParameters
10. Select Next
11. Review Summary and Select Finish to complete
--
EricE
------------------------------------------------------------------------
EricE's Profile: http://forums.techarena.in/member.php?userid=26195
View this thread: http://forums.techarena.in/showthread.php?t=401641
http://forums.techarena.in |
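The mistake made earlier in this thread (changing a value under [computer] instead of [user]) can be checked for before running the delegation wizard. The Python script below is an added example, not part of the post above: it parses the text of a DSSEC.DAT file and reports which of the step 1 attributes are still non-zero under [user] and which were set to 0 under [computer]. The function names are hypothetical and the sample file content is constructed.

```python
# Added example: audit DSSEC.DAT filter values for the dial-in attributes
# listed in step 1 of the post. Function names are hypothetical.

# Attributes the post says must be 0 under [user].
DIALIN_ATTRS = [
    "msNPAllowDialin", "msNPCallingStationID", "msNPSavedCallingStationID",
    "msRADIUSCallbackNumber", "msRADIUSFramedIPAddress", "msRADIUSFramedRoute",
    "msRADIUSServiceType", "msRASSavedCallbackNumber",
    "msRASSavedFramedIPAddress", "msRASSavedFramedRoute",
]

def parse_dssec(text):
    """Parse INI-style text into {section: {attribute: value}}, keys lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and ';' comments (INI convention, assumed here).
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def audit_dialin_filters(text):
    """Report which step 1 attributes are not yet set to 0 under [user]."""
    sections = parse_dssec(text)
    user = sections.get("user", {})
    computer = sections.get("computer", {})
    report = {"still_filtered": [], "not_listed": [], "zero_in_computer": []}
    for attr in DIALIN_ATTRS:
        value = user.get(attr.lower())
        if value is None:
            report["not_listed"].append(attr)        # no entry under [user]
        elif value != "0":
            report["still_filtered"].append(attr)    # e.g. still 7
        if computer.get(attr.lower()) == "0":
            report["zero_in_computer"].append(attr)  # wrong section was edited
    return report

# Constructed sample: the edit was made under [computer], not [user].
SAMPLE = """\
[computer]
msNPAllowDialin=0
[user]
msNPAllowDialin=7
msNPCallingStationID=0
msRADIUSCallbackNumber=0
"""

if __name__ == "__main__":
    for category, attrs in audit_dialin_filters(SAMPLE).items():
        print(f"{category}: {', '.join(attrs) or '-'}")
```

To check a real file, pass its contents as a string to audit_dialin_filters; an entry under zero_in_computer is the case the thread says to change back to its original value.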
|
danthony2 External

Since: Jul 21, 2009 Posts: 1
|
|
Meinolf Weber [MVP-DS] External

Since: Jan 16, 2009 Posts: 29
|
Posted: Tue Jul 21, 2009 7:10 pm Post subject: Re: Delegate remote access permission Archived from groups: per prev. post
|
|
Hello danthony2,
As you said this seems to be an old posting, because no source problem is
to see. So please describe in detail what you are trying to achieve. Is the
2003 server a domain controller, domain member or workgroup server? Is it
fully patched?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Sorry to bring back such an old post but I need to do the same thing
> for mobile numbers and was wondering if this would work for Windows
> 2003?
>
> http://forums.techarena.in
|
danthony2 External

Since: Jul 22, 2009 Posts: 1
|
|
Meinolf Weber [MVP-DS] External

Since: Jan 16, 2009 Posts: 29
|
Posted: Tue Jul 21, 2009 9:10 pm Post subject: Re: Delegate remote access permission Archived from groups: per prev. post
|
|
Hello danthony2,
Again I can not see any solution in your posting, that's the reason I asked
you to start a new thread with all information about.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Hello Meinolf,
>
> Thanks for the offer of help. I believe the 9 DCs are all running SP2.
> Our goal is to only delegate 1 group (Helpdesk) to be able to
> read/write the mobile number field in ADUC. I think the solution above
> will work for this?
>
> Thanks,
> David
> http://forums.techarena.in
|