Microsoft KB Archive/887357

= You cannot delegate DHCP administration or WINS administration on a per-server basis when the DHCP service and the WINS service run on domain controllers =

Article ID: 887357

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-





INTRODUCTION
You cannot delegate Dynamic Host Configuration Protocol (DHCP) administration or Windows Internet Name Service (WINS) administration on a per-server basis when the DHCP service and the WINS service run on domain controllers.



MORE INFORMATION
When the DHCP service is installed on a member server, the DHCP Administrators local group is created. When the DHCP service is installed on a domain controller, the DHCP Administrators local group becomes a domain local group. The DHCP Administrators domain local group is then replicated to all the domain controllers. This lets the members of this domain local group to have administrator rights for all DHCP services if the DHCP services run on a domain controller.

On a WINS server, the System Operators domain group and the Account Operators domain group have Read and Control rights to the Remote Procedure Call (RPC) service. These domain local groups have Read and Control rights on every domain controller even if the DHCP service or the WINS service does not run on the domain controllers. The System Operators domain group and the Account Operators domain group are very powerful. An account that has Read and Control rights on a domain controller always has the same right on all domain controllers. The only way that you can delegate administration for a WINS server or for a DHCP server is to deploy the WINS service or the DHCP service on a separate server.



STATUS
This behavior is by design.

Keywords: kbnetwork kbwinservnetwork kbhowto KB887357

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.