Home > Articles

  • Print
  • + Share This
This chapter is from the book

Delegating Remote Administration

Perhaps the easiest way to control who has access to log on remotely to a server is to modify the built-in Remote Desktop Users group. By default, the security settings on Windows Server 2003 servers limits remote access to administrators and the Remote Desktop Users group.

To extend this security by limiting what a user can do after a remote session has been established to a server, you can delegate administration in Windows Server 2003. By delegating administration, a wide range of administrative tasks can be assigned to the appropriate users and groups. You can assign basic administrative tasks to regular server admin groups, and leave domainwide and forestwide administration to members of the Domain Admins and Enterprise Admins groups.

You can delegate administration by using either the Delegation of Control Wizard or the Authorization Manager MMC snap-in. The Delegation of Control wizard walks you through a series of steps to execute the process. The Authorization Manager provides a bit more flexibility, but with a lot more complexity. The Delegation of Control Wizard is detailed in Chapter 4, "Distributing Administration."

  • + Share This
  • 🔖 Save To Your Account