Re: Delegate Account release
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 10/19/03
- Previous message: Joe Richards [MVP]: "Re: WINS Admin delegation"
- In reply to: Dmitry Korolyov [MVP]: "Re: Delegate Account release"
- Next in thread: Dmitry Korolyov [MVP]: "Re: Delegate Account release"
- Reply: Dmitry Korolyov [MVP]: "Re: Delegate Account release"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 19 Oct 2003 09:26:30 -0400
This is incorrect.
The lockout property is an attribute called lockoutTime. The permission to write that value needs to be given.
Once that delegation is done, you can use the GUI tools or the command line tool UNLOCK to unlock the user accounts. You can find unlock at www.joeware.net on the free win32 tools page.
--
Joe Richards
www.joeware.net
--
"Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message news:uSZSPbMlDHA.3320@tk2msftngp13.phx.gbl...
It is a flag in userAccountControl property, and you can delegate write access to that property of user objects. But note that by delegating access to this property you enable to change security-sensitive flags such as store password reversible encryption, password never expires etc - all specified under "account options" on the account tab in user properties in ADUC.
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Active Directory
"Tom" <sprdthword@hotmail.com> wrote in message news:uI$B2nxkDHA.2244@TK2MSFTNGP12.phx.gbl...
Can anyone tell me if there is a way to delegate the permission/authority
for someone to release locked out accounts?
We have a school with an average class size in the IT lab of 25+ and we are
constantly getting students locking themselves out by not typing their
passwords correctly. I would like to allow the other IT teacher the
authority to unlock them without giving him either Admin rights or direct
access to the server. I saw a script somewhere which will do the unlock, but
the writer mentioned a problem he had in writing the script - and that was
that the IsAccountLocked is actually not a property but a flag set on the
fly. So - that means I don't think I can set permissions directly on that
flag, but can I set them somewhere else?
Thanks in advance.
Tom
- Previous message: Joe Richards [MVP]: "Re: WINS Admin delegation"
- In reply to: Dmitry Korolyov [MVP]: "Re: Delegate Account release"
- Next in thread: Dmitry Korolyov [MVP]: "Re: Delegate Account release"
- Reply: Dmitry Korolyov [MVP]: "Re: Delegate Account release"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
