Re: Error on password reset

I will try your auditing suggestion today, I haven't tried that at all. I
have tried the other half of your post, I created a fresh OU/user and
assigned full control of the OU to the user (this object & all child
objects) - still no luck. I can do (seemingly) everything except create new
users/change passwords with this new permission. What's extremely weird is
if I do an effective permissions on a new user in this OU for the trustee of
my user with Full Control, it shows the correct permisions (change password)
as checked - but, they simply won't work.

What's extremely weird is that Administrators and Domain Admins can reset
passwords just fine - the only difference in the directory is that those two
groups have explicit rights to the 'Builtin' & 'Users' folders in the
directory. I turned off inherit permissions on these two folders, I wonder
if this is holding me back in some fashion with this new user and my
existing group. This is the same format across all of the domains and the
others are working, but at this point - I'll try anything.

--
Josh Messerschmitt

"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:ussfLKhJGHA.1124@xxxxxxxxxxxxxxxxxxxxxxx
> If it's permissions related, my usual way of dealing with this is to use
> auditing to see what rights are being used during the execution.
> My first guess would be something along the lines of inheritance, but
> that's a wild, wild guess. Try turning up the auditing, repeat the
> process and read the event details to see what events were used and which
> weren't. Also, try creating a new group and granting the permissions to a
> newly created user (remove the legacy administration issues) and see if
> you get the same issue.
>
> Al



.

Relevant Pages

  • Re: DC Policy: just want to audit files, not set security
    ... the particular directory to root the auditing ... different permissions within the area. ... >> I had never thought of using a SCE template File System ... >>> lot of events in the security log. ...
    (microsoft.public.windows.server.security)
  • RE: Send As permissions getting overwritten
    ... I understand that the "send as" permissions ... be overwrote for some reasons. ... If the problem appears again, I would suggest you enable auditing so ... Please enable auditing on the Exchange Server that hosts the mailboxes you ...
    (microsoft.public.windows.server.sbs)
  • Re: Audit files
    ... The other posters did a great job explaining what to do but FYI auditing ... fine tune what folders/files you are auditing and only audit the bare number ... of permissions needed to find the information that you need. ... > I need to audit any folders and files in a share drive. ...
    (microsoft.public.windows.server.security)
  • Re: iis5.1 and out of process application and xp
    ... > permissions that is causing probs ... then I'd recommend enable auditing in ... then enable file failure auditing on the relevant ... Then retry the application and check the windows security ...
    (microsoft.public.inetserver.iis.security)
  • Re: Date filed in table
    ... You can control some deletes, etc. from paradox based on passwords and permissions you set but they can be broken and it can get complicated to manage multiple levels across multiple tables and various users, permissions and systems. ... also like a field showing the last time the table entry was edited. ...
    (comp.databases.paradox)
Loading