Re: How to restrict rights to only allow users to add or remove or

From: Gcorpuz (Gcorpuz_at_discussions.microsoft.com)
Date: 11/29/04 

Date: Sun, 28 Nov 2004 18:57:02 -0800

In addition to creating an OU is that, create a Security Group, all users to
this group, and delegate the tasks you want to this group...

"Steven L Umbach" wrote:

> Delegation is what you want to do. I suggest you do it at the Organizational
> Unit level and you will then be able to delegate control over the OU instead
> of the whole users container and it is easier to change back settings to
> default if you do not use a built in container. Also when you do it at the
> OU level you will have pre defined general levels of delegation that would
> most commonly be used. Of course the users and groups that you would want
> control delegated over would need to exist in the OU. If you do want to fine
> tune delegation more then you would need to use advanced delegation by
> selecting users, also select property specific and then select the
> permissions you want to delegate. You can then do the same for groups. Be
> sure to test your results before implementing. --- Steve
>
>
>
> "T0GGLe" <erectmember@gmail.com> wrote in message
> news:dc6e2dd4.0411260155.6ea5b763@posting.google.com...
> > Hi,
> >
> > I want to restrict our helpdesk staff so that with their domain
> > accounts they only have the ability to add new users (and create
> > associated exchange mailbox-ie, the tickbox you get in user account
> > creation), remove users, change passwords, and change any other
> > setting that you get in a user account once it's been created
> > (telephone number for example). Also they should be able to change
> > group membership.
> >
> > Now I can see that you can use "delegate control" within the
> > properties of the domain within "users and computers" but it's very
> > confusing. There are so many custom options that you can set for users
> > or groups with no explanation on any of them. I've been on win2k and
> > active directory training and there was no mention of any of this and
> > I can't find any suitable refrence material which explains all these
> > settings so that I can work it out for myself.
> >
> > Or am i barking up the wrong tree?
> >
> > Thx.
>
>
>

Relevant Pages

  • Re: Outlook Calendar & Tasks; Delegates View
    ... Check to see if one have a PRIVATE sensitivity ... Does the Delegate have the "right" to see private objects? ... Why does the delegate have Publishing Rights? ... I have compared all settings and see ...
    (microsoft.public.outlook.calendaring)
  • SP2: Add delegate issue
    ... Entourage cannot use a secure connection to set delegate options. ... Entourage cannot connect to the Exchange server. ... account settings are correct. ...
    (microsoft.public.mac.office.entourage)
  • Re: Problem with Webrick/HTTProxy
    ... I turned off all firewall. ... And delegate and cc proxy worked well same settings (port 8080). ...
    (comp.lang.ruby)
  • Re: Limit user access in SBS2003
    ... delegated permissions from the parent container. ... To delegate the permissions to change user's title, phone number, fax, etc, ... Create the group or user account that you want to have the ability to ... click Delegate Control from the menu that is displayed. ...
    (microsoft.public.windows.server.sbs)
  • Re: Which group has the ability to create contacts in AD?
    ... > contact is through a user account that is a member of the Domain Admins ... perform some action in AD, like in this case, you can delegate control ... global group, put the user in this group, and delegate permissions to ...
    (microsoft.public.windows.server.security)