Information Technology Reference
In-Depth Information
First Name: robert
Last Name: admin
User Logon Name: radmin
Password: p@ssw0rd
3.
Right-click the Sales OU and select Delegate Control. This starts the Delegation Of Con-
trol Wizard. Click Next.
4.
To add users and groups to which you want to delegate control, click the Add button. In
the Add dialog box, enter robert admin for the name of the user to add. Note that you
can specify multiple users or groups using this option.
5.
Click OK to add the account to the delegation list, which is shown in the Users Or
Groups page. Click Next to continue.
6.
On the Tasks To Delegate page, you must specify which actions you want to allow the
selected user to perform within this OU. Select the Delegate The Following Common
Tasks option and place a check mark next to the following options:
Create, Delete, And Manage User Accounts
Reset User Passwords And Force Password Change At Next Logon
Read All User Information
Create, Delete And Manage Groups
Modify The Membership Of A Group
7.
Click Next to continue. The wizard provides you with a summary of the selections that
you have made on the Completing The Delegation Of Control Wizard page. To complete
the process, click Finish to have the wizard commit the changes.
Now when the user Robert Admin logs on (using radmin as his logon name), he will be
able to perform common administrative functions for all the objects contained within
the Sales OU.
8.
When you have finished, close the Active Directory Users and Computers tool.
Understanding Dynamic Access Control
One of the advantages of Windows Server 2012 R2 is the ability to apply data governance
to your file server. This will help control who has access to information and auditing. You
get these advantages through the use of Dynamic Access Control (DAC). DAC allows you
to identify data by using data classifications (both automatic and manual) and then to con-
trol access to these files based on these classifications.
 
Search WWH ::




Custom Search