Networks

Give Object rights so that the "admin" can create users in Netware, but make sure the property rights to the resource and not Netware are not added. This will give him rights to create the user in Netware environment, but not the ability to read etc. in the windows explorer. Deny inherited rights to the folder where user files are stored and add it to his/her own folder.

What you need to do is grant the admin a Create right to the container that you want him to create users within.

File system rights are seperate from NDS rights with the following exception:
a Supervisor right to a Server object grants Supervisor file system right to the root of all volumes of that server.

One problem that you will encounter is the fact that this administrator will not be able to create home directories unless they have enough rights to the file system. This poses a problem in that users cannot generally grant rights that they do not have (plus they require the Access Control right). This would meand that you would need to grant full rights to the base directory where home directories would be created, giving the admin the rightto see down the tree.

If you don't grant the Supervisor right to the base of the home directories, you can set a mask to remove the rights from existing directories and minimize this problem.

Jeff Gebhart, MCNE

Provide the administrator with object rights to the relevant context but restrict the File rights using IRFs if necessary.

You should make the new administrator's user a trustee of the container where s/he will be creating users and grant them all object and property rights with the exception of Supervisor rights. If S rights are granted to the container and the serverobject is in the same container, s/he would inherit S rights to the server and therefore to the entire filing system on the server unless an IRF is placed on the server to block the S object right.

The new administrator's user should then also be made a trustee of the directory in the filing system where the new user's home directories will be placed. If only the Create right is granted to that directory, the administrator will be able to create new home directories for new users, but will not be able to see them or any data in them since s/he does not have the File Scan rights or Read rights. If File Scan was granted, the administrator could also see directories and files, but would still be unable to read them.

Although the administrator could also

Make him/her a work group admin.