Active Directory Delegation with Group Policy:
How can I implement AD delegation with Group Policy?
AD-based Group Policy is a very useful tool for implementing a delegation model. It provides a number of capabilities that can be used to manage aspects of security across multiple object types and to ensure adherence to a known state. Useful aspects include:
- User Rights Assignment - This can be used to grant or revoke special abilities required for some management tasks.
- Restricted Groups - This provides the capability to enforce security group membership. This capability is useful for ensuring a known-state membership of security-sensitive groups. It is recommended that this mechanism be used to control the membership of groups such as Enterprise Admins, Schema Admins, and Domain Admins within an environment.
- File System Permissions - This capability can be used to control the access control lists of NTFS file system objects.
- Registry - This capability can be used to control access to specific registry keys.
- Services - This capability can be used to control access to specific services.
All of the above can be assigned in a granular fashion to specific groups of objects depending on the underlying Group Policy strategy deployed. Indeed, the requirements of the delegation model may drive the Group Policy design to some degree.
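The Restricted Groups recommendation above can be checked against what a GPO actually enforces. The following is an added example, not part of the original post: it parses the [Group Membership] section of a GPO security template (GptTmpl.inf) and reports sensitive groups that are not enforced or that list unapproved members. The domain SID, the sample template text and the approved-member list are constructed for illustration.

```python
# Added example: audit the Restricted Groups section of a GPO security template.
# DOMAIN_SID, SAMPLE_INF and APPROVED are constructed values for illustration.
import re

SENSITIVE = {"512": "Domain Admins", "518": "Schema Admins", "519": "Enterprise Admins"}
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_INF = f"""[Group Membership]
*{DOMAIN_SID}-512__Memberof =
*{DOMAIN_SID}-512__Members = *{DOMAIN_SID}-500,*{DOMAIN_SID}-1107
*{DOMAIN_SID}-518__Memberof =
*{DOMAIN_SID}-518__Members =
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544
"""
APPROVED = {"512": {f"{DOMAIN_SID}-500"}, "518": set(), "519": {f"{DOMAIN_SID}-500"}}

def parse_restricted_groups(inf_text):
    """Return {group: set(members)} from the [Group Membership] section."""
    groups, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "group membership" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        name, sep, kind = key.strip().rpartition("__")
        if sep and kind.lower() == "members":  # "__Memberof" lines are ignored
            groups[name.lstrip("*")] = {
                m.strip().lstrip("*") for m in value.split(",") if m.strip()}
    return groups

def audit(inf_text, domain_sid, approved):
    """List sensitive groups that are not enforced or hold unapproved members."""
    enforced, findings = parse_restricted_groups(inf_text), []
    for rid, label in sorted(SENSITIVE.items()):
        members = enforced.get(f"{domain_sid}-{rid}")
        if members is None:
            findings.append((label, "not enforced by this GPO"))
        elif members - approved[rid]:
            extra = ",".join(sorted(members - approved[rid]))
            findings.append((label, "unapproved members: " + extra))
    return findings

if __name__ == "__main__":
    for group, issue in audit(SAMPLE_INF, DOMAIN_SID, APPROVED):
        print(f"{group}: {issue}")
```

An empty "__Members =" line, as for Schema Admins in the sample, still counts as enforced: the policy holds the group at zero members.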