This month as you probably know I was quite busy with Platforma, so there is my very short wrap-up for two months. I hope the following month will be more full of content.
How to grant someone right to edit a particular DNS zone without giving out too much.
Book news. Download and read. Free.
Announcing the future event. Now it is over, I’m back =)
Continuation of the series: some tricks about running several commands within one line and depending on the previous command result.
What to do is you found a vulnerability? Do you know? Then tell me.
the CLI nostalgic series continues (recover, systeminfo, takeown)
are you still downloading from torrents? Malware and hackers are going to you
the CLI nostalgic series continues (findstr, msdt, openfiles)
I’m back. Sorry for such a long absence: all those conferences and MVP gatherings take too much of endurance, though are very useful and pleasant. But now I’m really back and today we will delegate control over one of our DNS zones (without granting control over the whole DNS server or even AD) to, say, junior administrator. It is obvious that we can just give him necessary rights for the zone using permission tab in its properties menu:
but that still doesn’t give you rights to connect to your DNS server through mmc console:
What shall we do to give the access? Of course we can the junior admin local admin rights, but:
it is a bit overkill
it will give more permission for DNS than we need to give him
usually DNS servers are placed on a DC, so the junior will automatically become a domain admin
So, what we need to do is to grant him Read permission to the DNS server itself:
And now our junior has access he needs:
And of course don’t grant the permissions directly: create a group, put the user in it and grant permissions to the group.