NPS on Domain Controller And Access Permissions Issue
Hi ! As it is recommended, We have installed NPS on our domain controller. and now we want to delegate its actions to some junior admins (just like what you do for dnsadmins, dhcp admins and ..) I searched about it and just found that they should be local admin on nps server and as it is dc, they should be domain admins and definitely it is not accepted. how we can manage this problem ?
July 31st, 2012 3:48am

Move corresponding roles to the dedicated server.Microsoft Certified Trainer; Microsoft Security Trusted Advisor; Cisco Certified Systems Instructor; Certified Ethical Hacker.
Free Windows Admin Tool Kit Click here and download it now
July 31st, 2012 4:22am

Move corresponding roles to the dedicated server. Microsoft Certified Trainer; Microsoft Security Trusted Advisor; Cisco Certified Systems Instructor; Certified Ethical Hacker. What do you mean by that ? you mean move nps to another server ? if so, why microsoft recommends it on a dc ? you say they have not thought of its delegation ?
July 31st, 2012 5:08am

Hi, Thanks for your post. As the following article described, for optimizing NPS performance, you may install NPS on domain controller. To optimize NPS authentication and authorization response times and minimize network traffic, install NPS on a domain controller. Best Practices for NPS http://technet.microsoft.com/en-us/library/cc771746(v=ws.10) Please understand that only member of administrators groups has right to locally or remotely manager NPS. So you need to add these accounts to the AD built-in Administrators groups. If this still not meet the security requirement, then I would suggest that we deploy NPS on an individual server in this scenario. Manage Multiple NPS Servers by Using the NPS MMC Snap-in http://technet.microsoft.com/en-us/library/cc770325(WS.10).aspx Best Regards, AidenAiden Cao TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 2:26am

Hi, Thanks for your post. As the following article described, for optimizing NPS performance, you may install NPS on domain controller. To optimize NPS authentication and authorization response times and minimize network traffic, install NPS on a domain controller. Best Practices for NPS http://technet.microsoft.com/en-us/library/cc771746(v=ws.10) Please understand that only member of administrators groups has right to locally or remotely manager NPS. So you need to add these accounts to the AD built-in Administrators groups. If this still not meet the security requirement, then I would suggest that we deploy NPS on an individual server in this scenario. Manage Multiple NPS Servers by Using the NPS MMC Snap-in http://technet.microsoft.com/en-us/library/cc770325(WS.10).aspx Best Regards, AidenAiden Cao TechNet Community Support
August 1st, 2012 2:31am

ok so it seems microsoft should revise it in one hand it is recommended to be installed on dc on the other hand there is no mechanism to delegate it unless make a user domain admin which is security concern
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 2:32am

ok so it seems microsoft should revise it in one hand it is recommended to be installed on dc on the other hand there is no mechanism to delegate it unless make a user domain admin which is security concern
August 1st, 2012 2:36am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics