How to allow non-root or enterprise administrators to authorize RIS servers in Active Directory (239004)

For Remote Installation Service (RIS) servers to begin to service clients, they must first be authorized by Dynamic Host Configuration Protocol (DHCP) by using DHCP Management. However, only administrators of the root domain or members of the Enterprise Administrators group have the necessary permissions to do this.

If your organization requires that other users have these permissions, or if you want to delegate this task, follow these steps:

1. As an administrator of the root domain, start Active Directory Sites and Services. On the View menu, click Show Services Node.
2. Click Services, and then click NetServices.
3. Right-click NetServices, click Properties, and then click the Security tab.
4. In the Security dialog box, assign the following permissions to the users or groups for which you want to authorize these servers:
   • Read
   • Write
   • Create all Child objects
   Note Do not assign permissions to a Domain Local Group if multiple domain exists in the forest. Only the domain controllers in that specific domain will understand those groups. Users may receive an "Access Denied" error message if Domain Local Group is used to delegate this.
5. Click Advanced. In the Access control Settings for NetServices dialog box, click the user or group you just added, and then click Edit on the View menu.
6. In the Apply onto box, click This object and All Child Objects.

The user or group can then authorize the RIS servers. If you still receive an "Access denied" error message, force replication between the servers, or wait until the scheduled replication occurs.