Difference between revisions of "BCX Network Management Tools Non Domain Admin Access"

From BCX Media Wiki
Jump to navigation Jump to search
m
Line 16: Line 16:
  
 
For ease of granting rights, we recommend creating an AD Group for Non-Admin Users  (BCXManagerUsers), which you will populate with the required user accounts.
 
For ease of granting rights, we recommend creating an AD Group for Non-Admin Users  (BCXManagerUsers), which you will populate with the required user accounts.
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
SQL
 
SQL
 +
  
 
Once created and members assigned the group can be added to your BCX SQL instance.
 
Once created and members assigned the group can be added to your BCX SQL instance.
  
 
Add new logon for BCXManagerUsers group with bcxdb  database and  db_datareader/db_datawriter  database role memberships
 
Add new logon for BCXManagerUsers group with bcxdb  database and  db_datareader/db_datawriter  database role memberships
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
BCXManagerV4 Directory
 
BCXManagerV4 Directory
 +
  
 
You will then need to add Security – Read rights for the group on the BCXManagerV4 Directory
 
You will then need to add Security – Read rights for the group on the BCXManagerV4 Directory
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
Data Server Access
 
Data Server Access
 +
  
 
If you require the group members to view Home Directories from within BCX, you will need to give Security – Read rights on the relevant directories on the User Data server  
 
If you require the group members to view Home Directories from within BCX, you will need to give Security – Read rights on the relevant directories on the User Data server  
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
That covers the basic operations.  
 
That covers the basic operations.  
 
If you require access for Creating users / Adding Stations / Remote Funcionality, read on.  
 
If you require access for Creating users / Adding Stations / Remote Funcionality, read on.  
 +
  
  
 
Create/Manage Users
 
Create/Manage Users
 +
  
 
In order to Create/Manage Users you will need to delegate the required rights on specific OUs in AD:
 
In order to Create/Manage Users you will need to delegate the required rights on specific OUs in AD:
Line 55: Line 68:
 
Create, delete and manage groups
 
Create, delete and manage groups
 
Modify the membership of a group
 
Modify the membership of a group
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
 +
  
 
Add/Manage Stations
 
Add/Manage Stations
Line 64: Line 80:
 
Stations OUs
 
Stations OUs
 
Create a custom task to delegate
 
Create a custom task to delegate
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
Choose Only the following objects in the folder and check the box Computer Objects. Check the boxes  Create selected objects in this folder, Delete selected objects in this folder.
 
Choose Only the following objects in the folder and check the box Computer Objects. Check the boxes  Create selected objects in this folder, Delete selected objects in this folder.
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
Permissions – Select General, Creation/deletion of specific child objects. Select Create All Child Objects, Delete All Child Objects. – Also Read/Write
 
Permissions – Select General, Creation/deletion of specific child objects. Select Create All Child Objects, Delete All Child Objects. – Also Read/Write
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
  
Line 80: Line 102:
  
 
There are several Remote functions launchable from BCX:
 
There are several Remote functions launchable from BCX:
 +
  
 
Remote Desktop connection
 
Remote Desktop connection
 +
  
 
RDP rights GPO
 
RDP rights GPO
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
 
And add group to Remote Desktop Users
 
And add group to Remote Desktop Users
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
  
 
Remote browse C$  
 
Remote browse C$  
 +
  
 
Add administrators to above
 
Add administrators to above
 +
  
 
Awaiting screenshot
 
Awaiting screenshot
 +
  
  
 
Remote Assistance
 
Remote Assistance
 +
  
 
Awaiting screenshot
 
Awaiting screenshot

Revision as of 15:25, 11 December 2024

Allow non-Domain Admins to use BCX Management Tools

There are some instances where you would like users without Domain Admins permissions to be able to use BCX Management tools.

This is possible to varying degrees of useability

A non-Domain admin user may open BCX and use limited functions by adding rights on the BCXDB in SQL

Use of other functions may be enabled by delegating rights over specific OUs in Active Directory and through the use of GPOs.

The recommended process follows:


User Group

For ease of granting rights, we recommend creating an AD Group for Non-Admin Users (BCXManagerUsers), which you will populate with the required user accounts.


Awaiting screenshot


SQL


Once created and members assigned the group can be added to your BCX SQL instance.

Add new logon for BCXManagerUsers group with bcxdb database and db_datareader/db_datawriter database role memberships


Awaiting screenshot


BCXManagerV4 Directory


You will then need to add Security – Read rights for the group on the BCXManagerV4 Directory


Awaiting screenshot


Data Server Access


If you require the group members to view Home Directories from within BCX, you will need to give Security – Read rights on the relevant directories on the User Data server


Awaiting screenshot


That covers the basic operations. If you require access for Creating users / Adding Stations / Remote Funcionality, read on.


Create/Manage Users


In order to Create/Manage Users you will need to delegate the required rights on specific OUs in AD:

AD Delegate Rights Users OUs Delegate common tasks: Create, delete. and manage user accounts Reset user passwords and force password change at next logon Read all user information Create, delete and manage groups Modify the membership of a group


Awaiting screenshot


Add/Manage Stations

Similarly to Add/Manage Stations: AD Delegate Rights Stations OUs Create a custom task to delegate


Awaiting screenshot


Choose Only the following objects in the folder and check the box Computer Objects. Check the boxes Create selected objects in this folder, Delete selected objects in this folder.


Awaiting screenshot


Permissions – Select General, Creation/deletion of specific child objects. Select Create All Child Objects, Delete All Child Objects. – Also Read/Write


Awaiting screenshot



Remote Functions

There are several Remote functions launchable from BCX:


Remote Desktop connection


RDP rights GPO


Awaiting screenshot


Awaiting screenshot


And add group to Remote Desktop Users


Awaiting screenshot


Remote browse C$


Add administrators to above


Awaiting screenshot


Remote Assistance


Awaiting screenshot