If you’re running a DHCP server in your organization, you know how important it is to maintain control over who has access to it. However, when you need to delegate access to certain staff members or groups, it can be a bit tricky to navigate. That’s where this blog post comes in – I’ll show you how to delegate access to DHCP for helpdesk staff or any security group.
The Problem: Helpdesk Staff Can’t View DHCP Server After Rebuilding
One of the challenges faced by IT departments is rebuilding servers when necessary. After rebuilding the DHCP server, one organization’s helpdesk staff found that they could no longer view it using RSAT (Remote Server Administration Tools). Instead, they were greeted with a red error, indicating that they didn’t have the necessary permissions to access the server.
The Solution: Add Security Group to DHCP Users Group
After some investigation, the I discovered that when you install the DHCP role on a server, two new groups are created in the Local User and Groups settings. By adding their security group to the DHCP Users group, they could grant their helpdesk staff access to view the DHCP server without giving them the ability to make any changes.
When you install the DHCP role on the server 2 new groups are created in Local User and Groups setting on the server. We just need to add our security group to allow them access.
How to add a security group to DHCP Users
Here are the steps to follow to add a security group to DHCP Users:
Click on start and search for Edit Local users and groups.
Select Groups and you’ll notice 2 new ones after DHCP role was installed.
- DHCP Administrators – Members who have administrative access to the DHCP Service
- DHCP Users – Members who have view-only access to the DHCP service
For the helpdesk staff, add them to the DHCP Users group so they can only view it. This prevents them from making any changes to the server.
Add your security group (in this case, TECH-STAFF) to the DHCP Users group.
With these steps, the helpdesk staff can now connect to view the leases on the DHCP server without any issues.
Conclusion
Delegating access to DHCP for helpdesk staff or any security group is a crucial step for any IT department. By following the steps outlined in this blog post, you can grant access to view the DHCP server without giving staff members the ability to make any changes. As always, it’s important to keep security in mind when granting access to any server, and to only give access to those who require it.
What if the DHCP server is also a domain controller?