Re: How to restrict rights to only allow users to add or remove or modify user account and group settings

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/27/04

    Date: Fri, 26 Nov 2004 23:19:05 GMT
    
    

    Delegation is what you want to do. I suggest you do it at the Organizational
    Unit level and you will then be able to delegate control over the OU instead
    of the whole users container and it is easier to change back settings to
    default if you do not use a built-in container. Also when you do it at the
    OU level you will have predefined general levels of delegation that would
    most commonly be used. Of course the users and groups that you would want
    control delegated over would need to exist in the OU. If you do want to
    fine-tune delegation more, then you would need to use advanced delegation by
    selecting users, also select property specific and then select the
    permissions you want to delegate. You can then do the same for groups. Be
    sure to test your results before implementing. --- Steve

    "T0GGLe" <erectmember@gmail.com> wrote in message
    news:dc6e2dd4.0411260155.6ea5b763@posting.google.com...
    > Hi,
    >
    > I want to restrict our helpdesk staff so that with their domain
    > accounts they only have the ability to add new users (and create
    > associated Exchange mailbox, i.e. the tickbox you get in user account
    > creation), remove users, change passwords, and change any other
    > setting that you get in a user account once it's been created
    > (telephone number for example). Also they should be able to change
    > group membership.
    >
    > Now I can see that you can use "delegate control" within the
    > properties of the domain within "users and computers" but it's very
    > confusing. There are so many custom options that you can set for users
    > or groups with no explanation on any of them. I've been on win2k and
    > active directory training and there was no mention of any of this and
    > I can't find any suitable reference material which explains all these
    > settings so that I can work it out for myself.
    >
    > Or am I barking up the wrong tree?
    >
    > Thx.
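
Added example (not part of the original posts): the OU-level delegation described in the reply, written out with the dsacls support tool so that each right in the helpdesk request maps to one visible ACE. The OU distinguished name, domain and group name are placeholders and the group is assumed to exist already; rights for Exchange mailbox creation are not covered here.

```powershell
# Added example: placeholder names, adjust to your own directory.
$ou    = 'OU=Staff,DC=example,DC=com'   # assumed OU that holds the users and groups
$group = 'EXAMPLE\Helpdesk'             # assumed group that receives the delegation

# Each ACE is written as  permission;object-or-property;inherited-object-type
#   /I:T = this object and sub-objects, /I:S = sub-objects only
$grants = @(
    @{ Inherit = '/I:T'; Ace = 'CCDC;user' },                 # create and delete user objects
    @{ Inherit = '/I:S'; Ace = 'CA;Reset Password;user' },    # reset passwords
    @{ Inherit = '/I:S'; Ace = 'RPWP;pwdLastSet;user' },      # "must change password at next logon"
    @{ Inherit = '/I:S'; Ace = 'RPWP;telephoneNumber;user' }, # one property-specific right
    @{ Inherit = '/I:S'; Ace = 'RPWP;member;group' }          # change group membership
)

# Keep a copy of the ACL as it was before the change.
dsacls $ou | Out-File -FilePath .\ou-acl-before.txt

foreach ($g in $grants) {
    dsacls $ou $g.Inherit /G "${group}:$($g.Ace)" | Out-Null
    # Stop on a non-zero exit code instead of leaving a half-applied delegation.
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for ACE '$($g.Ace)'" }
}

# Review what the group now holds on the OU before handing it to the helpdesk.
dsacls $ou | Select-String -SimpleMatch $group

# To undo: remove every ACE granted to the group on this OU.
# dsacls $ou /R $group
```

Because every ACE is granted to a group on a dedicated OU, removing the delegation is a single `/R` on that OU, and helpdesk staff are added or removed through group membership rather than by editing the ACL.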

