Re: Custom Delegation in AD
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 09/25/04
- Previous message: Marcus: "Re: tasklist.exe security problem??"
- In reply to: kusdjeff: "Custom Delegation in AD"
- Next in thread: kusdjeff: "Re: Custom Delegation in AD"
- Reply: kusdjeff: "Re: Custom Delegation in AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 Sep 2004 21:37:16 -0400
You can't natively. The delegation has to be to the entire attribute or not at all.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net kusdjeff wrote: > I have a question about AD delegation. I am in the process of creating an AD > custom delegation (modifying the delegwiz.inf). I am able to set all the > rights for my environment except one. How do I enable (delegate) my users > the ability to enable/disable accounts. I understand that there is a > 'userAccountControl' option, but this grants too many rights. I only want my > users the ability to enable/disable accounts without affecting other rights > such as "Password Never Expires" and "User Cannot Change Password". How do I > go about doing this?? > > Thanks in advance, Jeff
- Previous message: Marcus: "Re: tasklist.exe security problem??"
- In reply to: kusdjeff: "Custom Delegation in AD"
- Next in thread: kusdjeff: "Re: Custom Delegation in AD"
- Reply: kusdjeff: "Re: Custom Delegation in AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
