Grant User Read Access to DNS Server

Hi,

I would like to allow a single user read access only to our DNS server.

On the Security tab of the DNS Server properties, I have added the user with Read only rights.

This does indeed allow him to connect to the DNS server, but what I have found is that he can actually make changes to the Forward Lookup Zones, i.e. he can add new host A records and also delete existing records.

When I look at the Effective Access for the user, it comes back to tell me he has nothing but Read access (which is what I would expect), but he can indeed make changes.

Am I missing something here?

Thanks,

Bob

February 21st, 2014 4:57am

Hi Tim,

Thanks for the reply.

As it happens, I had already come across that blog, but I have found that my user still has access to the Forward Lookup Zones (although, strangely enough, he can't view the DNS Event Log).

Thanks,

Bob

February 21st, 2014 5:24am

Hi,

Have you gone through the TechNet thread below? Have a look and share your feedback.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/9f872ca9-4c95-440c-b551-cdece68d4253/read-only-access-to-dns-zones?forum=winserverDS

Regards,

Manjunath Sullad

February 21st, 2014 5:54am

Hi,

Yes, I had come across that thread as well, although my situation is slightly different in that it's a non-administrator user that I'm wanting to grant Read Access only to.

I have added the user to each of the Forward Lookup Zones that I don't want him to be able to access and specified Deny full access, and that has indeed prevented access to the Zones, but I'm still wondering why granting him Read Only access to the DNS server does not prevent him from being able to make subsequent changes to the Forward Lookup Zones.

Thanks,

Bob

February 21st, 2014 6:09am
