1

Currently my IPAM server is on a server which does more than just IPAM - I would like to allow level 1 and 2 technicians some access to the IPAM server via RSAT, but I can't find any information on allowing only permissions to administering that role.

I can only add the server, or manage as, with administrative privileges but not without it seems - does anyone know if granular access controls for server manager are possible via RSAT?

Cheers,

Brad

Brad
  • 21
  • 2
  • Brad, welcome to the site, what _exactly is it you want to prevent them from administering? The reason I ask is that some stuff might fall under MS' Role Based Administration, and thus make things a bit easier for you. – MDMoore313 Apr 14 '15 at 16:12
  • 1
    Sorry - I should have updated this - after some further testing with the locally created security groups created when adding the IPAM role provided the appropriate permissions for my intended usage. I will update this question with a solution. – Brad Apr 16 '15 at 03:20

1 Answers1

1

After some further testing with the local security groups created with the installation of the IPAM role I was able to add the server to Server Manager with a less privileged user.

Adding the required users/groups to the locally created 'IPAM Users' group allowed those members to add the IPAM server to Server Manager with only enough permissions to view the IPAM component.

This combined with applying IPAM Access Controls and Access Policies allowed me to provide granular permissions to a subset of DHCP scopes and tasks.

Brad
  • 21
  • 2