How to restrict rights to only allow users to add or remove or modify user account and group settings

From: T0GGLe (erectmember_at_gmail.com)
Date: 11/26/04

• Next message: vamsi: "Re: Disable everything except for a web site authentication."
• Previous message: Raymond: "FTP login to Win2k sp4 with IIS not all audited"
• Next in thread: Steven L Umbach: "Re: How to restrict rights to only allow users to add or remove or modify user account and group settings"
• Reply: Steven L Umbach: "Re: How to restrict rights to only allow users to add or remove or modify user account and group settings"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 26 Nov 2004 01:55:33 -0800

Hi,

I want to restrict our helpdesk staff so that with their domain
accounts they only have the ability to add new users (and create
associated exchange mailbox-ie, the tickbox you get in user account
creation), remove users, change passwords, and change any other
setting that you get in a user account once it's been created
(telephone number for example). Also they should be able to change
group membership.

Now I can see that you can use "delegate control" within the
properties of the domain within "users and computers" but it's very
confusing. There are so many custom options that you can set for users
or groups with no explanation on any of them. I've been on win2k and
active directory training and there was no mention of any of this and
I can't find any suitable refrence material which explains all these
settings so that I can work it out for myself.

Or am i barking up the wrong tree?

Thx.

• Next message: vamsi: "Re: Disable everything except for a web site authentication."
• Previous message: Raymond: "FTP login to Win2k sp4 with IIS not all audited"
• Next in thread: Steven L Umbach: "Re: How to restrict rights to only allow users to add or remove or modify user account and group settings"
• Reply: Steven L Umbach: "Re: How to restrict rights to only allow users to add or remove or modify user account and group settings"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SMS Console Freezing ... A quick look at the smsprov.log tells us that the connection is hanging at ... the group membership enumeraion phase for the account being used to launch ... > SMS Administrator Console ... (microsoft.public.sms.setup) IsInRole performance issue ... -Add that domain account to a large number of groups. ... In my test I setup netmon on the domain controller. ... number of group membership is that fact that some other application could ... I think that the framework is just implmented ... (microsoft.public.dotnet.security) IsInRole performance issue ... -Add that domain account to a large number of groups. ... In my test I setup netmon on the domain controller. ... number of group membership is that fact that some other application could ... I think that the framework is just implmented ... (microsoft.public.dotnet.framework.aspnet.security) Re: Q about "control userpasswords2" in XP home ... My account is the one that all applications have been ... It might have had the "users" group membership ... the "Administrators" group membership. ... interfaces see it has membership in Users group it then ... (microsoft.public.windowsxp.security_admin) Re: Cannot open log for source {0} -- again ... For the IUSR account, this ... after changing group membership solved the problem. ... whole thing seems to be the Guests group. ... (microsoft.public.dotnet.framework.aspnet.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint