Set up AD service account with read/write permissions
Any Active Directory user account can be used as a service account to gain access to network resources, whether they are files, folders, computers, or printers. However, not every user needs access to every resource on the network. AD permissions limit misuse of network resources by ensuring that users of an AD network gain access only to the resources they need.
Types of Active Directory permissions
To find the basic permissions of an object, open Active Directory Users and Computers. Select the OU where the service account exists, right-click it, and open Properties. The basic permissions are listed on the Security tab. The standard permissions include:
- Full control
- Read
- Write
Depending on the class of objects, you will have additional permissions in the standard section.
Viewing object permissions
Viewing a user’s permission or an object’s permission can be done through the object’s Properties tab. To view the permissions:
- Open Active Directory Users and Computers.
- Locate the object you want, and right-click on it.
- Click Properties.
- Click the Security tab, and you’ll be able to see the object’s permissions.
Modifying object permissions
Active Directory permissions can be set in two different ways: via Group Policy Management or via Active Directory Users and Computers.
Group Policy Management
- Go to Start, and click Administrative Tools.
- Click on Group Policy Management.
- Right-click on Group Policy Objects (GPO), and click New to create a new GPO. Here you can grant the necessary rights to a set of users or groups through the GPO.
Active Directory Users and Computers
- Go to Start, and click on Administrative Tools.
- Click on Active Directory Users and Computers.
- Locate the object you want, and right-click on it.
- Click Properties, and select the Security tab.
- Click Add and browse to your user account.
- Limit the Apply Onto scope to Descendant Computer objects and select the following settings:
  - Read All Properties
  - Write All Properties
  - Read Permissions
  - Modify Permissions
  - Validated write to DNS host name
  - Validated write to service principal name
- Click OK.
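To confirm the result of the procedure above, the following PowerShell is an added example, not part of the original article. It lists the explicit ACEs the service account holds on the OU and flags any that go beyond the six settings or beyond descendant computer objects. The OU distinguished name and account name are placeholder assumptions; the GUIDs are the well-known schema identifiers for the computer class and the two validated writes.

```powershell
# Added example: audit the explicit ACEs a service account holds on an OU.
# $OuDn and $Account are placeholder values (assumptions), not from the article.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

$OuDn    = 'OU=Workstations,DC=example,DC=com'
$Account = 'EXAMPLE\svc-account'

# Well-known schema GUIDs
$ComputerClass   = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'   # computer class
$ValidatedWrites = @(
    [guid]'72e39547-7b18-11d1-adef-00c04fd8d5cd'   # Validated write to DNS host name
    [guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'   # Validated write to service principal name
)

# Explicit (non-inherited) ACEs set directly on the OU for this account
$aces = (Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Account -and -not $_.IsInherited }

# Rights behind the six check boxes: Read/Write All Properties,
# Read/Modify Permissions, and the two validated writes (Self).
$Expected = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty, ReadControl, WriteDacl, Self'
$SelfBit  = [int][System.DirectoryServices.ActiveDirectoryRights]::Self

$report = foreach ($ace in $aces) {
    $issues = @()
    if ($ace.AccessControlType -ne 'Allow') { $issues += 'not an Allow ACE' }
    if (([int]$ace.ActiveDirectoryRights -band (-bnot $Expected)) -ne 0) {
        $issues += 'rights outside the intended set'
    }
    if ($ace.InheritanceType -ne 'Descendents' -or $ace.InheritedObjectType -ne $ComputerClass) {
        $issues += 'not limited to descendant computer objects'
    }
    $hasSelf = ([int]$ace.ActiveDirectoryRights -band $SelfBit) -ne 0
    if ($hasSelf -and $ValidatedWrites -notcontains $ace.ObjectType) {
        $issues += 'Self right not tied to the DNS host name or SPN validated write'
    }
    [pscustomobject]@{
        Rights    = $ace.ActiveDirectoryRights
        Scope     = $ace.InheritanceType
        AppliesTo = $ace.InheritedObjectType
        Issues    = if ($issues) { $issues -join '; ' } else { 'OK' }
    }
}
$report | Format-Table -AutoSize -Wrap
if (-not $aces) { Write-Warning "No explicit ACEs found for $Account on $OuDn" }
```

Modify Permissions corresponds to the WriteDacl right, which lets the account rewrite ACLs on every object in scope, so any ACE flagged as not limited to descendant computer objects should be reviewed first.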