Difference between revisions of "BCX Network Management Tools Non Domain Admin Access"
(Created page with " Allow non-Domain Admins to use BCX Management Tools There are some instances where you would like users without Domain Admins permissions to be able to use BCX Management to...") |
|||
| Line 11: | Line 11: | ||
The recommended process follows: | The recommended process follows: | ||
| + | |||
| + | |||
| + | User Group | ||
| + | |||
| + | For ease of granting rights, we recommend creating an AD Group for Non-Admin Users (BCXManagerUsers), which you will populate with the required user accounts. | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | SQL | ||
| + | |||
| + | Once created and members assigned the group can be added to your BCX SQL instance. | ||
| + | |||
| + | Add new logon for BCXManagerUsers group with bcxdb database and db_datareader/db_datawriter database role memberships | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | BCXManagerV4 Directory | ||
| + | |||
| + | You will then need to add Security – Read rights for the group on the BCXManagerV4 Directory | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | Data Server Access | ||
| + | |||
| + | If you require the group members to view Home Directories from within BCX, you will need to give Security – Read rights on the relevant directories on the User Data server | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | That covers the basic operations. | ||
| + | If you require access for Creating users / Adding Stations / Remote Funcionality, read on. | ||
| + | |||
| + | |||
| + | Create/Manage Users | ||
| + | |||
| + | In order to Create/Manage Users you will need to delegate the required rights on specific OUs in AD: | ||
| + | |||
| + | AD Delegate Rights | ||
| + | Users OUs | ||
| + | Delegate common tasks: | ||
| + | Create, delete. and manage user accounts | ||
| + | Reset user passwords and force password change at next logon | ||
| + | Read all user information | ||
| + | Create, delete and manage groups | ||
| + | Modify the membership of a group | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | Add/Manage Stations | ||
| + | |||
| + | Similarly to Add/Manage Stations: | ||
| + | AD Delegate Rights | ||
| + | Stations OUs | ||
| + | Create a custom task to delegate | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | Choose Only the following objects in the folder and check the box Computer Objects. Check the boxes Create selected objects in this folder, Delete selected objects in this folder. | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | Permissions – Select General, Creation/deletion of specific child objects. Select Create All Child Objects, Delete All Child Objects. – Also Read/Write | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | |||
| + | |||
| + | Remote Functions | ||
| + | |||
| + | There are several Remote functions launchable from BCX: | ||
| + | |||
| + | Remote Desktop connection | ||
| + | |||
| + | RDP rights GPO | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | And add group to Remote Desktop Users | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | |||
| + | Remote browse C$ | ||
| + | |||
| + | Add administrators to above | ||
| + | |||
| + | Awaiting screenshot | ||
| + | |||
| + | |||
| + | Remote Assistance | ||
| + | |||
| + | Awaiting screenshot | ||
Revision as of 15:23, 11 December 2024
Allow non-Domain Admins to use BCX Management Tools
There are some instances where you would like users without Domain Admins permissions to be able to use BCX Management tools.
This is possible to varying degrees of useability
A non-Domain admin user may open BCX and use limited functions by adding rights on the BCXDB in SQL
Use of other functions may be enabled by delegating rights over specific OUs in Active Directory and through the use of GPOs.
The recommended process follows:
User Group
For ease of granting rights, we recommend creating an AD Group for Non-Admin Users (BCXManagerUsers), which you will populate with the required user accounts.
Awaiting screenshot
SQL
Once created and members assigned the group can be added to your BCX SQL instance.
Add new logon for BCXManagerUsers group with bcxdb database and db_datareader/db_datawriter database role memberships
Awaiting screenshot
BCXManagerV4 Directory
You will then need to add Security – Read rights for the group on the BCXManagerV4 Directory
Awaiting screenshot
Data Server Access
If you require the group members to view Home Directories from within BCX, you will need to give Security – Read rights on the relevant directories on the User Data server
Awaiting screenshot
That covers the basic operations. If you require access for Creating users / Adding Stations / Remote Funcionality, read on.
Create/Manage Users
In order to Create/Manage Users you will need to delegate the required rights on specific OUs in AD:
AD Delegate Rights Users OUs Delegate common tasks: Create, delete. and manage user accounts Reset user passwords and force password change at next logon Read all user information Create, delete and manage groups Modify the membership of a group
Awaiting screenshot
Add/Manage Stations
Similarly to Add/Manage Stations: AD Delegate Rights Stations OUs Create a custom task to delegate
Awaiting screenshot
Choose Only the following objects in the folder and check the box Computer Objects. Check the boxes Create selected objects in this folder, Delete selected objects in this folder.
Awaiting screenshot
Permissions – Select General, Creation/deletion of specific child objects. Select Create All Child Objects, Delete All Child Objects. – Also Read/Write
Awaiting screenshot
Remote Functions
There are several Remote functions launchable from BCX:
Remote Desktop connection
RDP rights GPO
Awaiting screenshot
Awaiting screenshot
And add group to Remote Desktop Users
Awaiting screenshot
Remote browse C$
Add administrators to above
Awaiting screenshot
Remote Assistance
Awaiting screenshot