Re: Delegation of Control
From: Ulf B. Simon-Weidner [MVP] (nospam2-ulf_at_usw-consulting.com)
Date: 10/27/04
- Next message: Ulf B. Simon-Weidner [MVP]: "Re: Delegation of Control"
- Previous message: Ulf B. Simon-Weidner [MVP]: "RE: Adding Groups as members of Groups ???"
- In reply to: jv: "Delegation of Control"
- Next in thread: Ulf B. Simon-Weidner [MVP]: "Re: Delegation of Control"
- Reply: Ulf B. Simon-Weidner [MVP]: "Re: Delegation of Control"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 27 Oct 2004 19:39:51 +0000
"jv" <jv@discussions.microsoft.com> wrote in message
news:jv@discussions.microsoft.com:
> I just upgraded my test environment to w2k3 AD. Now I want to be able to
>
> delegate control for my helpdesk and desktop team to be able to reset
> passwords, unlock accounts, join computers to domain, remove computers
> from
> domain, and read access to view properties of accounts.
>
> What is best way to achieve this?
Hello jv,
The most tasks you outlined are in the delegation of control wizard,
just click on the approbiate OU and choose "delegation" from the
context menu.
Everybody has read access, so you don't need to configure that. And
they are able the change accounts they create. Reset passwords is
provided in the delegation wizard, create and delete computer objects
is provided.
To unlock locked user accounts you have to delegate write rights on the
"lockoutTime"-Attribute.
-- Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsserverfaq.org
- Next message: Ulf B. Simon-Weidner [MVP]: "Re: Delegation of Control"
- Previous message: Ulf B. Simon-Weidner [MVP]: "RE: Adding Groups as members of Groups ???"
- In reply to: jv: "Delegation of Control"
- Next in thread: Ulf B. Simon-Weidner [MVP]: "Re: Delegation of Control"
- Reply: Ulf B. Simon-Weidner [MVP]: "Re: Delegation of Control"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
