Skip to main content

Configuring AD Servers on Windows Server 2003 R2

Matt Prytuluk
  • Updated
  • min read

 

Setting the ‘Manage auditing and security log’ Group Policy

 

Note: Adding the OpenDNS_Connector user to this group policy for all AD Servers (DCs) is also required in certain Windows Server 2008 configurations.

  1. By default, Windows Server 2003 does not come with the Group Policy Management Console (GPMC) and it may be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=21895.
    Note: Alternatively, 2008 R2 servers should have GPMC installed and you can apply the following permissions from this server to be replicated to the 2003 R2 server.
  2. Open the GPMC (via Start > Administrative Tools), and select a Group Policy that applies to Domain Controllers.
    Note: If you aren’t sure what policy to change, open a command prompt and type the following command: "gpresult /scope computer /r". Look for the ‘Applied Group Policy Objects’ line. Under it will be a list of policies applied to that Domain Controller. Make note of one that is likely to be applied to all Domain Controllers (e.g. ‘Default Domain Controllers Policy’). 
  3. Right-click that policy and select ‘Edit’ to bring up the Group Policy Management Editor.
    ad29.png
  4. Browse to the ‘Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment’ folder and select ‘Manage audit and security log’ to view its properties.
    ad30.png
  5. Check "Define these policy settings", click "Add user or group", browse and select the OpenDNS_Connector user.
  6. Run the "gpupdate" command on the Domain Controller to make sure the policy is applied.

 

Setting DCOM permissions

  
  1. From a command line run dcomcnfg.
  2. Navigate to Console Root > Component Services > Computers.
  3. Right-click on ‘My Computer’ and select ‘Properties’.
  4. From ‘My Computer Properties’ select ‘COM Security’ tab.
  5. In ‘Launch and Activation Permissions’ area click ‘Edit Limits’.
  6. Add OpenDNS_Connector user and allow ‘Remote Launch’ and ‘Remote Activation’ permissions.
  7. Click OK to confirm and close My Computer Properties.

 

Setting WMI permissions

 
  1. Run wmimgmt.msc (Windows Management Infrastructure Control console).
  2. Right-click on ‘WMI Control’. Click ‘Properties’ > ‘Security’ tab.
  3. Select Root > CIMV2 namespace and click the Security button.
  4. Add the OpenDNS_Connector user and Allow the following permissions: ‘Enable Account’‘Remote Enable’ and ‘Read Security’.
  5. Click OK to exit each dialog window, then click Save to apply changes.

Was this article helpful?

1 out of 2 found this helpful
Have more questions? Submit a request

Related articles