Modify Security for the DNS Server Service on a Domain Controller
Applies To: Windows Server 2008
You can use this procedure to specify who can administer the DNS Server service when it is running on a domain controller. It does not affect who can administer zones and resource records that are hosted on the server, however.
Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To modify security for the DNS Server service on a domain controller
Open DNS Manager.
In the console tree, right-click the applicable server, and then click Properties.
DNS/applicable DNS server
On the Security tab, modify the list of member users or groups that are allowed to administer the applicable server.
To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.
Active Directory access control lists (ACLs) are supported for the DNS Server service only when it is running on a domain controller.