Windows 2003 R2 delegated permissions are not available for some users in an OU
- From: markbritt@xxxxxxxxxxx
- Date: 2 Jan 2007 09:15:44 -0800
Created a group called HelpDesk that will allow those users to unlock
an account via a custom MMC console. The group HelpDesk has four IT
members in it. In AD Users and Computers, I highlighted the domain and
invoked the Delegation of Control wizard. I added the HelpDesk group
and allowed them to 'reset' the password. I then went into the
permissions and checked the Write LockoutTime and Read LockoutTime
values and saved.
When I look at my Users Accounts OU, the security tab (advanced view)
for all members shows the HelpDesk having special permissions - EXCEPT
for 2 of the accounts. Both of these accounts were part of Domain
Admins some time ago, but have been removed from that account. This
was done before the HelpDesk group was even created. It appears that
once one of my users is part of the Domain Admins group, the delegate
permissions do not apply to them. Is this correct? What can I do to
force the inherited permissions from the OU to apply to my 2 'orphaned
users'? Any help would be appreciated.
Thanks,
Mark