Modify security for the DNS Server service on a domain controller

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To modify security for the DNS Server service on a domain controller

  1. Open DNS.

  2. In the console tree, right-click the applicable server, and then click Properties.

  3. On the Security tab, modify the list of member users or groups that are allowed to administer the applicable server.

Notes

  • To perform this procedure, you must be a member of the DnsAdmins or the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

  • Active Directory access control lists (ACLs) are only supported for the DNS Server service when it is running on a domain controller.

  • The security settings determine who can administer the server, but do not affect the ACLs for the zones and resource records hosted on the server. To apply security settings for DNS zones and resource records, see Related Topics.

  • This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Configure a DNS server for use with Active Directory
Modify security for a directory-integrated zone
Modify security for a resource record
Best practices for permissions and user rights
Best practices for permissions and user rights