Very important to know.
It will not be possible to assign DHCP administration and monitoring privileges to other user accounts on the server.
So, question comes then how to do that. Whenever you install and configure DHCP server role, by default it creates two active directory security account "DHCP Administrators" and "DHCP Users".
Members of the "DHCP Administrators" group have administrative access to the Dynamic Host Configuration Protocol (DHCP) Server service. This group provides a way to assign limited administrative access to the DHCP server only, while not providing full access to the server. Members of this group can administer DHCP on a server using the DHCP console or the Netsh command, but are not able to perform other administrative actions on the server.Members of the "DHCP Users" group have read-only access to the DHCP Server service. This allows members to view information and properties stored at a specified DHCP server. This information is useful to support staff when they need to obtain DHCP status reports.
You can add users in these groups accordingly to their access requirements.
There could be a situation that both of the groups are not available or some how both are deleted. Then there is a way to re-create these groups and you have to add members in these groups again.
1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. Click Yes if prompted by User Account Control, type netsh dhcp add securitygroups and then press ENTER.
If i talk personally, i have seen many cases in which members of "DHCP Administrators" will not be able to do full administrations of DHCP role. Like they can not "authorized" or "unauthorized" DHCP servers, for example. I am going to write one more article in which you will explain this,
Delegating DHCP Server Administration (Deep Dive)
0 comments:
Post a Comment