Re: Delegated Authority
- From: "Jorge de Almeida Pinto" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Wed, 4 Jan 2006 00:08:27 +0100
For more information on delegating tasks see:
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en
and
http://www.microsoft.com/downloads/details.aspx?FamilyID=29dbae88-a216-45f9-9739-cb1fb22a0642&DisplayLang=en
For more info on Taskpad views and tasks:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3d0c783c-7789-4400-953b-d22a501ae535.mspx
http://www.winsupersite.com/showcase/win2k_taskpad.asp
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
################################
RESET USER PASSWORDS
---------------------------------
To reset user passwords you need the ?Reset Password? extended right on the
user object. This is also available through the delegation of control wizard
using the common delegated task ?Reset a user account?s password?
If you want to reset user passwords and force password change at next logon
you need the ?Reset Password? extended right on the user object and you need
Read/Write permissions on the attribute ?pwdLastSet?. This is also available
through the delegation of control wizard using the common delegated task
?Reset user passwords and force password change at next logon?
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:eIQYplLEGHA.3984@xxxxxxxxxxxxxxxxxxxxxxx
> "Simon Young" <simon.young@xxxxxxxxxxxxxx> wrote in message
> news:ewJFo2HEGHA.2292@xxxxxxxxxxxxxxxxxxxxxxx
>> Can anybody help me please?
>>
>> Im trying to create a custom mmc so I can delegate the reset password
>> option on a specific OU to a specific group of users. It all works fine,
>> I create a new mmc, add the snap in and path to the desired OU and chose
>> new window. Then when saving I select the right user mode so they cant
>> move out from the offered container.
>>
>> I then click on Delegate control, this brings up the wizard and I add the
>> group, then select the permission (I.e. reset password) and save the mmc
>> in a central share that the delegated authorities can see and have full
>> control over
>>
>> The problem is, when I try to open the mmc, I get a 'snap in failed to
>> initialize... Name <Unknown>' warning so they cant open it (nor can I if
>> I log on to that machine so I don't think its a user permission issue),
>> however, if I open it on the machine I created it on (my machine) but
>> logged in as the delegated user, it works fine, although when I right
>> click on a user, I can also add them to groups etc, does this sound right
>> or am I doing it wrong?
>
> Most probably you are trying (and failing) on a machine which
> doesn't have the required DLLs.
>
>> So will I need to install Adminpac.msi onto the machines that I want to
>> reset passwords, and is there a setting that will restrict that user to
>> only resetting passwords?
>
> Yes, AdminPak.msi is the way to get the tools on the individual
> machines.
>
> They will only be able to do those functions you have delegated.
>
> You can also make sure they don't have permissions to even run
> the "other tools" on their machine by making sure they are not
> "admins" of their own machines, or by carefully setting permissions.
>
> Perhaps even using a "software restriction policy" will benefit
> you.
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
>>
>> Many thanks in advance
>>
>> Simon
>>
>
>
.
- References:
- Delegated Authority
- From: Simon Young
- Re: Delegated Authority
- From: Herb Martin
- Delegated Authority
- Prev by Date: Re: VPN migration
- Next by Date: Re: aduiting user acount
- Previous by thread: Re: Delegated Authority
- Next by thread: Re: aduiting user acount
- Index(es):
Relevant Pages
|
Loading
