Dns permissions for windows 2003 sp2 or later, Dns permissions for, Windows 2003 sp2 or later – HP Storage Mirroring V4.5 Software User Manual

A - 4

DNS permissions for Windows 2003 SP2 or later

Verify that the user has permissions to update DNS. The user must be:



The user must be a member of the DnsAdmins domain local group. For details, see

Assigning

the user to the DnsAdmins group

on page A-3.



A member of the Server Operator, at the very least, to Deny the source access to the records.

The resource record security can be set through the record properties within the DNSMgmt

console. For details, see

Assigning the user to the Server Operator group

on page A-4.



One of the following:



A member of the Domain Admins group, or



Full Control on each of the individual DNS records that are associated to the source IP and

to be updated by the DNS Failover utility (DFO.exe). For details, see

Assigning Full Control

on page A-4.

Assigning the user to the Server Operator group

Follow these steps to add a user to the servers Server Operator group.

1.

Select Start, Programs, Administrative Tools (Common), Active Directory Users and

Computers.

2.

Click on Builtin.

3.

Right-click the Server Operators group and select Properties.

4.

Select the Members tab.

5.

To add a user to the group, click Add.

6.

In Location, click the domain containing the users you want to add, then click OK.

7.

In Name, type the name of the user you want to add to the group. If you want to validate the

user or group names that you are adding, click Check Names.

8.

Click OK to close all open dialog boxes.

Assigning Full Control

Follow the following procedure must be done on the DNS server to allow

dfo.exe

to be able to

connect through WMI to alter the source server records.

1.

Click Start, Run, and type

wmimgmt.msc

. Click OK.

2.

Right-click WMI Control, then click Properties.

3.

Click the Security tab.

4.

Expand the Root folder, select the MicrosoftDNS folder, then click Security.

5.

Click Add. Type the user or group name you wish to use in the Enter the object names to

select box, click Check Names to verify your entry or entries, and then click OK.

6.

In the Permissions for User list, select the Allow checkbox next to the following permissions:



Execute Methods



Enable Account



Remote Enable



Read Security

7.

Click Advanced. In the Permission entries list, select the user you added in step 5, then click

Edit.

8.

In the Apply onto box, click This namespace and subnamespaces.

9.

Click OK four times.

10.

Quit the WMI Control snap-in.

11.

Click Start, Run, and type

dcomcnfg.exe

. Click OK.

12.

Select Component Services and then expand it. Expand Computers. Right-click My

Computer and select Properties.

13.

Select the COM Security tab.

14.

In the Access Permissions section, click Edit Limits.