Hello Makarije,
You can not remove domain admins the right to make changes on the DNS servers.
They can revert all settings because they are domain admins. Normally no
domain user is able to logon to DC's and also not to change anything, also
not from domain workstations.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
[Quoted Text] > Hi, we are in need to prevent access to DNS servers to only three "dns
> administrators". The DNS servers are also domain controllers, running
> of
> Windows 2000 servers. DNS zones are active directory integrated. We
> need to
> prevent users from accessing DNS servers using DNS MMC either from dns
> server
> it self and from local workstations.
> Current security settings on DNS server (DNS MMC/server
> properties/Security)
> allow access to DNS server for Domain Admins (full rights), System,
> Authenticated users (read only and inherited special permissions),
> Administrators (full access). We would like to setup only one group
> DNS
> admins with full access rights on DNS servers - this groups should
> only be
> allowed to make changes to DNS server like adding/deleting records but
> on the
> other side, we need to keep DNS server Active directory functions.
> Thanks for your help.
> Regards,
|