Modify Security for the DNS Server Service on a Domain Controller

Applies To: Windows Server 2008

You can use this procedure to specify who can administer the DNS Server service when it is running on a domain controller.

Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To modify security for the DNS Server service on a domain controller

  1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

  2. In the console tree, right-click the applicable server, and then click Properties.

  3. On the Security tab, modify the list of member users or groups that are allowed to administer the applicable server.

Additional considerations

  • Active Directory access control lists (ACLs) are supported for the DNS Server service only when it is running on a domain controller.

  • This procedure also can affect who can administer zones and the resource records that are hosted on the server because you must have read access in the list administered by this procedure to be able to administer zones and resource records.