Re: Delegation Control

From: Jerrald Noland (JerraldNoland_at_discussions.microsoft.com)
Date: 10/06/04


Date: Wed, 6 Oct 2004 07:25:04 -0700

Thanks...that was what I needed. Appreciate the help

"Joe Richards [MVP]" wrote:

> lockoutTime is for locked out accounts, not disabled accounts. Disabling is
> handled through a single bit flag in the userAccountControl attribute. Note that
> allowing access to this allows more than just enabling/disabling accounts; they
> can also set the password to never expire, etc.
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
>
> Jerrald Noland wrote:
> > Hi:
> >
> > First, let me explain what I'm trying to do. I want to set up a particular
> > group with the right to be able to reset user passwords and enable user
> > accounts. Now, currently, I'm attempting to do this with the Delegation
> > Control Wizard. The reset password option is working, but I'm unable to get
> > the enable account portion of this to work. I've even printed out a
> > Microsoft KB article that I thought was related to this problem (KB Article
> > 294952). I've done all the steps that the article says to do. I've modified
> > the DSSEC.DAT file accordingly. I've gone in to the Delegation Control
> > Wizard and checked on the ReadLockOutTime and WriteLockOutTime boxes. Still
> > not able to enable any user accounts. Is there something else I need to do
> > that I'm overlooking or is this just not possible for users other than those
> > that have Admin privileges?
>
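
The point in the quoted reply, that write access to userAccountControl covers more than the enable/disable bit, can be checked after the fact by comparing old and new attribute values. The following is an added example, not code from either poster: the flag values are the documented userAccountControl bits, while the change records, account names and function names are constructed for illustration.

```python
# Added example: flag userAccountControl changes that go beyond enable/disable.
# Bit values are the documented userAccountControl flags (subset shown).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
}
KNOWN_BITS = sum(UAC_FLAGS)   # distinct single bits, so the sum equals the OR
ALLOWED_BITS = 0x0002         # the delegation was only meant to enable/disable

def decode(uac):
    """Names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if uac & bit]

def changed_flags(old, new):
    """Map each flag that differs between old and new to 'set' or 'cleared'."""
    diff = old ^ new
    out = {name: ("set" if new & bit else "cleared")
           for bit, name in sorted(UAC_FLAGS.items()) if diff & bit}
    if diff & ~KNOWN_BITS:    # bits outside the table are reported as raw hex
        out[hex(diff & ~KNOWN_BITS)] = "changed"
    return out

def out_of_scope(old, new, allowed=ALLOWED_BITS):
    """Flag changes that the enable/disable delegation was not meant to cover."""
    extra = (old ^ new) & ~allowed
    return changed_flags(old, old ^ extra)

# Constructed change records: (actor, target, old value, new value)
CHANGES = [
    ("helpdesk1", "jdoe",   0x0202, 0x0200),   # account enabled only
    ("helpdesk1", "asmith", 0x0200, 0x10200),  # password set to never expire
    ("helpdesk2", "bjones", 0x0202, 0x10200),  # enabled AND never expire
]

def audit(changes):
    """Return (actor, target, extra changes) for every out-of-scope change."""
    findings = []
    for actor, target, old, new in changes:
        extra = out_of_scope(old, new)
        if extra:
            findings.append((actor, target, extra))
    return findings

if __name__ == "__main__":
    for actor, target, extra in audit(CHANGES):
        print(f"{actor} changed {target}: {extra}")
```
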


