BCX Network Management Tools Non Domain Admin Access

From BCX Media Wiki
Jump to navigation Jump to search

There are some instances where you would like users without Domain Admins permissions to be able to use BCX Management tools.

This is possible to varying degrees of useability

A non-Domain admin user may open BCX and use limited functions by adding rights on the BCXDB in SQL

Use of other functions may be enabled by delegating rights over specific OUs in Active Directory and through the use of GPOs.

The recommended process follows:

User Group

For ease of granting rights, we recommend creating an AD Group for Non-Admin Users (BCXManagerUsers), which you will populate with the required user accounts.

bcx tools non domain admin create group.png


Once created and members assigned the group can be added to your BCX SQL instance.

Add new logon for BCXManagerUsers group with bcxdb database and db_datareader/db_datawriter database role memberships

bcx tools non domain admin sql permissions.png

BCXManagerV4 Directory

You will then need to add Security – Read rights for the group on the BCXManagerV4 Directory

bcx tools non domain admin manager v4 permissions.png

Data Server Access

If you require the group members to view Home Directories from within BCX, you will need to give Security – Read rights on the relevant directories on the User Data server

bcx tools non domain admin data server permissions.png

That covers the basic operations. If you require access for Creating users / Adding Stations / Remote Funcionality, read on.

Create/Manage Users

In order to Create/Manage Users you will need to delegate the required rights on specific OUs in AD:

AD Delegate Rights Users OUs

bcx tools non domain admin delegate permissions wizard.png

Delegate common tasks: Create, delete. and manage user accounts Reset user passwords and force password change at next logon Read all user information Create, delete and manage groups Modify the membership of a group

bcx tools non domain admin delegate permissions create manage users.png

Add/Manage Stations

Similarly to Add/Manage Stations: AD Delegate Rights Stations OUs Create a custom task to delegate

bcx tools non domain admin delegate permissions create custom task stations.png

Choose Only the following objects in the folder and check the box Computer Objects. Check the boxes Create selected objects in this folder, Delete selected objects in this folder.

bcx tools non domain admin delegate permissions create custom task stations object.png

Permissions – Select General, Creation/deletion of specific child objects. Select Create All Child Objects, Delete All Child Objects. – Also Read/Write

bcx tools non domain admin delegate permissions create custom task stations permissions.png

Remote Functions

There are several Remote functions launchable from BCX:

Remote Desktop connection

RDP rights GPO

Awaiting screenshot

Awaiting screenshot

And add group to Remote Desktop Users

Awaiting screenshot

Remote browse C$

Add administrators to above

Awaiting screenshot

Remote Assistance

Awaiting screenshot

Return to Contents page