Steve Riley [MSFT] <(E-Mail Removed)> wrote in
news:(E-Mail Removed):
While what Steve says is correct, it is fairly easy to do what you want
by changing the permissions on the %SystemRoot%\system32\IAS directory
and the files contained in it (.MDB and .LDB's). You can also use a tool
like SetACL to grant your IAS admins the rights to control the IAS
service and TS config and GPO to allow them to log on to the DC's.
Registering IAS in AD just makes the IAS server a member of the "RAS and
IAS Servers" group so it can read the user attributes, so, security not
withstanding, you can delegate that right, too.
HTH,
Wayne Tilton
> There is no separate "IAS Administrator" role. Since IAS is a security
> feature, and since you must be a domain administrator to register IAS
> in Active Directory, only domain administrators can manage IAS.
>
> Steve Riley
> (E-Mail Removed)
>
>
>
>> Hi,
>>
>> I've been asked to provide Radius via IAS on our Windows 2003 Domain
>> Controllers. I would like to delegate control of the IAS/Radius
>> configuration to other members of my team, without giving them
>> Administrator permissions on the Domain Controllers. Can anybody tell
>> me if this is possible, as i've not yet been able to work out where
>> the IAS config data is stored, or whether access to it can be
>> delegated.
>>
>> Many thanks
>>
Similar Threads
Linear Mode
