Information Technology Reference
In-Depth Information
exercise 6.4
(continued)
7.
At this point you should be looking at the Group Policy Test Delegation window. Click
the Advanced button in the lower-right corner.
8.
Highlight the Policy Admin account and check the Allow Full Control box. This user now
has full control of these OUs and all child OUs and GPOs for these OUs. Click OK.
If you just want to give this user individual rights, then, in the Properties window (step
8), click the Advanced button and then the Effective Permissions tab. This is where you
can also choose a user and give them only the rights that you want them to have.
9.
When you have finished, close the GPMC tool.
understanding delegation
Although I have talked about delegation throughout the topic, it's important to discuss it
again in the context of OUs, Group Policy, and Active Directory.
Once configured, Active Directory administrative delegation allows an administrator to
delegate tasks (usually administration related) to specific user accounts or groups. What
this means is that if you don't manage it all, the user accounts (or groups) you choose will
be able to manage their portions of the tree.
It's important to be aware of the benefits of Active Directory Delegation (AD Delegation).
AD Delegation
will help you manage the assigning of administrative control over objects
in Active Directory, such as users, groups, computers, printers, domains, and sites. AD
Delegation is used to create more administrators, which essentially saves time.
For example, let's say you have a company whose IT department is small and situated in
a central location. The central location connects three other smaller remote sites. These
sites do not each warrant a full-time IT person, but the manager on staff (for example) at
each remote site can become an administrator for their portion of the tree. If that man-
ager administers the user accounts for the staff at the remote site, this reduces the bur-
den on the system administrator of doing trivial administrative work, such as unlocking
user accounts or changing passwords, and thus it reduces costs.
Search WWH ::
Custom Search