question

agfreesafety3-6849 asked GaryReynolds commented

What Permissions Are Needed to Run Add-DNSServerQueryResolutionPolicy

What are the minimal permissions (or groups) a user must have, or belong to, in order to effectively run the DNSServerQueryResolutionPolicy cmdlet, as well as the other DNS-related PowerShell cmdlets?

I haven't been able to find this information online anywhere. Thanks

windows-dhcp-dns

GaryReynolds answered

Hi @agfreesafety3-6849

Normally the DNSAdmins group provides rights to manage DNS services; however, it appears these permissions haven't been extended to the DNS Policies. The configuration details for the DNS Policies are saved in the registry of the DNS server; however, the DNSAdmins group has not been granted rights to this registry key.

You will need to add the users to the DNSAdmins group, but you will also need to update the registry permissions.

Navigate to 'Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server' in the registry on the DNS server and add DNSAdmins full control to the DNS Server key.



Gary.



agfreesafety3-6849 answered

Thanks Gary. Is there any documentation on any of the points you made above that I can share with my colleagues? Thanks again my friend.


GaryReynolds answered GaryReynolds commented

Have a look at this page:

https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups#dnsadmins

If the user is not a member of DNSAdmins, the PowerShell commands return Error (5) Access Denied.

If the user is a member of DNSAdmins but without the additional registry permissions, the PowerShell DNS Policy commands will return error (1011) The configuration registry key could not be opened. After the registry permissions had been changed, the command completed successfully.

Gary.
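
One way to script the registry change described in the answers above, as an added example (not code from the thread or from Microsoft): it reports whether DNSAdmins already holds Full Control on the DNS Server key and adds the entry only when asked. The `$Group` default, the `-Grant` switch and the choice to let subkeys inherit the entry are assumptions; run it elevated on the DNS server.

```powershell
# Added example: audit, and optionally grant, the DnsAdmins entry on the DNS Server key.
# Assumptions: the group is "<your domain>\DnsAdmins"; -Grant is this script's own switch.
param(
    [string]$Group = "$env:USERDOMAIN\DnsAdmins",
    [switch]$Grant
)

$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server'
$full    = [System.Security.AccessControl.RegistryRights]::FullControl

# Resolve the group to a SID first, so a mistyped name fails here
# instead of leaving an unresolvable entry in the ACL.
$sid = ([System.Security.Principal.NTAccount]$Group).Translate(
    [System.Security.Principal.SecurityIdentifier])

$acl = Get-Acl -Path $keyPath

# Compare by SID value: the same group can be displayed under different name forms.
$existing = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.RegistryRights -band $full) -eq $full
    }

if ($existing) {
    Write-Output "OK: $Group already has FullControl on '$keyPath'."
}
elseif ($Grant) {
    # ContainerInherit applies the entry to this key and its subkeys (assumption).
    $rule = [System.Security.AccessControl.RegistryAccessRule]::new(
        $sid,
        $full,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl
    Write-Output "Granted FullControl to $Group on '$keyPath'."
}
else {
    Write-Output "MISSING: $Group has no FullControl entry on '$keyPath'. Re-run with -Grant to add it."
}
```

Running it without `-Grant` changes nothing, which makes it usable as a periodic check that the key's permissions have not drifted.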




Hi @agfreesafety3-6849

Just checking if there has been any progress or update on this one?
