RE: Creating/editing user accounts
From: Al Miller (email@example.com)
Subject: RE: Creating/editing user accounts
Date: Thu, 8 Nov 2001 15:04:35 -0500
Message-ID: <DCC18B9DD1E17247A9CB2B1D5B74E80A3033@NEW-AMI-MAIL-01.amicas.com>
From: "Al Miller" <firstname.lastname@example.org>
To: "Derek T" <email@example.com>, <firstname.lastname@example.org>

You can designate an OU for these user accounts and delegate control of
the OU to whomever you like. Anyone can add and edit user accounts; they
just need to be given the appropriate permissions.

A quick question about AD and web enabled services.
The company I work for is trying to offer the ability to open and
accounts from the Web (kind of like Yahoo or Hotmail). The problem lies
the choice to use AD on the segmented network. With AD the only ID with
rights to create and edit user accounts are sys-admins, something that
can not allow anonymous web browsers to assume. Also this will be a
off the main corporate network, (in its own DMZ) to allow customer
reps to access and work with the same data from the main tree. Any ideas
how can this be accomplished and kept secure, or is it a pipe dream?
Also in the event that a process is given the Sys-admin rights instead
user, what potential security implications does this pose? It seems as
almost every discussion of a new vulnerability starts with "You see,
was this process running with administrator rights...." =)
Thanks for the insights
"If debugging is the process of removing software bugs, then programming
must be the process of putting them in."- L. Owando
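
One way to script the OU delegation suggested in the reply above, so that the web sign-up process runs as a low-privilege account instead of an administrator. This is an added example, not part of the original thread; the domain, OU and service account names are hypothetical, and it assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example. All names (domain DN, OU, service account) are hypothetical.
Import-Module ActiveDirectory

$domainDn = 'DC=dmz,DC=example,DC=com'   # assumed DMZ domain
$ouName   = 'WebSignups'                 # assumed OU holding web-created accounts
$ouDn     = "OU=$ouName,$domainDn"
$svcName  = 'svc-webreg'                 # assumed non-admin account the web app runs as

# 1. Dedicated OU, so the delegated rights stop at a clear boundary.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

$sid       = (Get-ADUser -Identity $svcName).SID
$userClass = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'   # schemaIDGUID of the "user" class
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

# 2. ACE: create user objects directly in this OU. No DeleteChild, no other
#    object classes, and no inheritance into child containers.
$create = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]'CreateChild',
    $allow,
    $userClass,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

# 3. ACE: read/write properties, inherited only by user objects below the OU.
#    Narrow this to specific attributes if the application needs fewer.
$edit = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty',
    $allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClass)

# 4. Apply both ACEs to the OU's security descriptor.
$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($create)
$acl.AddAccessRule($edit)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# 5. Review what the service account now holds on the OU.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference -like "*\$svcName" } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

The service account ends up with no rights outside this OU and no membership in any administrative group, which addresses the concern in the original question about a process running with sys-admin rights.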