Re: Helpdesk rights to change passwords
- From: "Dmitry Korolyov [MVP]" <d__k@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Sep 2005 21:33:18 +0400
1) Delegate "set password" permission to the group you need
2) Use AD Users&Computers to reset passwords.
--
Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
MVP: Windows Server - Directory Services
"Dean Colpitts" <dean.n_o_s_p_a_m.colpitts@xxxxxxxxxxxxxx> wrote in message
news:subeh1las4kfobipd7obaeal6ks4tveuhr@xxxxxxxxxx
>I have several differrent customers that have a single Windows 2003 DC
> with XP SP2 workstations. At each site, I'd like to take one person
> and give them rights to change/reset other user's passwords from a XP
> SP2 workstation. I've found the following commmand:
>
> net user username password /domain
>
> which works fine when run from an account with domain admin rights.
> When I run this as a standard domain user, obviously I get an error.
>
> I've run the delegation of control wizard, picked the account I want
> to have these rights, created a custom task to delegate, select an
> active directory object type of users and selected both change
> password and reset password.
>
> When running the above command as the user I've delegated as the
> password changer, on that person's workstation, I get:
>
> System error 5 has occurred.
>
> Access is denied.
>
> What am I doing wrong, and what is the best way around it? I only
> want this person to be able to change or reset passwords...
>
> dcc
.
- References:
- Helpdesk rights to change passwords
- From: Dean Colpitts
- Helpdesk rights to change passwords
- Prev by Date: Re: how can i replicate from different domain controller in same fores
- Next by Date: Re: Disable the screensaver policy based on IP address or DHCP paramet
- Previous by thread: RE: Helpdesk rights to change passwords
- Next by thread: ADMT computer profile problems
- Index(es):
Relevant Pages
|
