Helpdesk rights to change passwords
- From: Dean Colpitts <dean.n_o_s_p_a_m.colpitts@xxxxxxxxxxxxxx>
- Date: Thu, 01 Sep 2005 13:57:21 -0300
I have several differrent customers that have a single Windows 2003 DC
with XP SP2 workstations. At each site, I'd like to take one person
and give them rights to change/reset other user's passwords from a XP
SP2 workstation. I've found the following commmand:
net user username password /domain
which works fine when run from an account with domain admin rights.
When I run this as a standard domain user, obviously I get an error.
I've run the delegation of control wizard, picked the account I want
to have these rights, created a custom task to delegate, select an
active directory object type of users and selected both change
password and reset password.
When running the above command as the user I've delegated as the
password changer, on that person's workstation, I get:
System error 5 has occurred.
Access is denied.
What am I doing wrong, and what is the best way around it? I only
want this person to be able to change or reset passwords...
dcc
.
- Follow-Ups:
- Re: Helpdesk rights to change passwords
- From: Dmitry Korolyov [MVP]
- RE: Helpdesk rights to change passwords
- From: Rob Pomon
- Re: Helpdesk rights to change passwords
- Prev by Date: Re: Grant Read to a Registry setting
- Next by Date: ADMT computer profile problems
- Previous by thread: Re: Accessing an AD domain that is using MIT Kerberos Integration?
- Next by thread: RE: Helpdesk rights to change passwords
- Index(es):
