Cheers!<o:p></o:p>
I am trying
to provide a junior admin with rights to modify only the home drive and home
drive path setting on the terminal server tab in ADUC. <o:p></o:p>
I have read
through the discussion here:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/91072599-65c0-4b40-bd8b-4aa5f2bc47f6/delegate-terminal-services-tab-permissions<o:p></o:p>
This discussion describes my issue exactly. I have tried using the ADUC delegation
wizard as explained in the post above as well as using the advanced ACL editor
to prescribe read write permissions to the specific terminal server properties.
With each approach the access seems to work as the input boxes are not greyed
out after I apply the rights, but when I go to apply the settings change it
gives an operation failed: access denied message.<o:p></o:p>
The article above is marked as answered, but there are comments posted later that show
others have the same failed result after following the steps. I will also note
that when I tested either approach (wizard or advanced ACL editor) with other
property setting tabs in ADUC I was successful. This shows that either approach
should work, but for some reason only the Terminal server properties seem to
have this behavior. This is an exception situation where the standard technique does not work under specific circumstances.
This link
http://blogs.technet.com/b/heyscriptingguy/archive/2008/10/23/how-can-i-edit-terminal-server-profiles-for-users-in-active-directory.aspx
talks about how the terminal server tab in ADUC was developed separately, and
therefore requires a special scripting technique to modify the TS settings.
This may be a clue as to why the behavior is different with the TS tab in ADUC.<o:p></o:p>
My environment is a mix of Win2k3 and Win2k8 servers with a domain functional
level set to 2003.<o:p></o:p>
Thanks in advance for any help with this.
Steven Terry