Another great feature of Server 2008 is how the Delegation of Control Wizard simplifies granting rights for common tasks to groups or administrators.

Let’s say that we’ve just started building our network, and we’d like to give our Helpdesk admins the ability to reset passwords for users. Since we don’t want the Helpdesk modifying other parts of our domain, we want to restrict their access rights to only that task for the time being. The simplest way is to use the Delegation of Control Wizard, so we’ll start by going to our Administrative Tools and opening the Active Directory Users and Computers snap-in. Once we expand our domain, we’ll go down to the OU that holds our Helpdesk group, right-click on it, and choose Delegate Control.

The wonderful welcome screen of the Delegation Wizard pops up, and we click Next.


We need to add our Helpdesk, so we click Add.


We type in the name of our group, helpdesk, and then click the Check Names button. Once it finds the group in AD, the name will display fully, and we can click the OK button.

Once it shows up in our list of selected users and groups, we’ll move forwards by clicking the Next button again.


Now we get to the real power of the Delegation of Control Wizard. The wizard lists the most commonly delegated tasks, and also lets you add some of the more obscure rights through the Create a custom task to delegate option. Since we just want to give our helpdesk admins the right to reset passwords, we’ll choose that one from the list and click Next.

Next we’ll get a summary of all the controls we are about to delegate. It’s always a good idea to look this over, just to make sure you didn’t accidentally check one of the wrong boxes. Once we’re certain that everything looks good, we click the Finish button.

To verify what rights we’ve just delegated, we open a command prompt and type in dsacls.exe "ou=People,dc=sysadmingeek,dc=com"

We can now see the rights listed out, and how those rights are inherited by our helpdesk admin, Susan Doe.
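The same verification can be scripted so that it flags anything beyond the password-reset delegation. The PowerShell below is an added example, not part of the original walkthrough. It assumes the NetBIOS domain name SYSADMINGEEK and the group name helpdesk, and it assumes the wizard task wrote only the Reset Password extended right plus read/write on pwdLastSet, both scoped to user objects.

```powershell
# Added example. Assumed names: NetBIOS domain SYSADMINGEEK, group "helpdesk".
$ouDn    = 'ou=People,dc=sysadmingeek,dc=com'   # OU from the dsacls command above
$trustee = 'SYSADMINGEEK\helpdesk'              # assumed DOMAIN\group form

# Well-known Active Directory schema GUIDs
$resetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # Reset Password extended right
$pwdLastSet    = [guid]'bf967a0a-0de6-11d0-a285-00aa003049e2'  # pwdLastSet attribute
$userClass     = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # user object class

# Rights allowed on pwdLastSet (lets the helpdesk force a change at next logon)
$propMask = [int]([System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty')
$extended = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Read the OU's DACL, explicit and inherited entries, with names resolved
$ou    = [ADSI]"LDAP://$ouDn"
$rules = $ou.psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])

$report = @(foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -ne $trustee) { continue }

    $rights = [int]$rule.ActiveDirectoryRights
    # Expected ACEs are Allow entries that apply only to user objects
    $scoped = $rule.AccessControlType -eq 'Allow' -and
              $rule.InheritedObjectType -eq $userClass

    $isReset  = $scoped -and $rights -eq $extended -and
                $rule.ObjectType -eq $resetPassword
    $isPwdSet = $scoped -and $rule.ObjectType -eq $pwdLastSet -and
                $rights -ne 0 -and ($rights -band (-bnot $propMask)) -eq 0

    New-Object PSObject -Property @{
        Rights      = $rule.ActiveDirectoryRights
        ObjectType  = $rule.ObjectType
        AppliesTo   = $rule.InheritedObjectType
        IsInherited = $rule.IsInherited
        Expected    = ($isReset -or $isPwdSet)
    }
})

$report | Format-Table Rights, ObjectType, AppliesTo, IsInherited, Expected -AutoSize

# Anything not matching the two expected ACEs is a wider grant than intended
$extra = @($report | Where-Object { -not $_.Expected })
if ($extra.Count -gt 0) {
    Write-Warning "$($extra.Count) ACE(s) for $trustee go beyond password reset."
}
```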

This was just a brief glimpse of the Delegation Wizard, and you can use it much more in depth than we’ve shown to get more specific with user and group controls.



