Re: Is it possible???

Why not just highlight all the accounts (ctrl a) and than right click
properties and than define the logon hours of those accounts?

"Jorge de Almeida Pinto [MVP]" wrote:

dsquery user <distinguished name OU> -scope subtree | dsmod user -disabled
yes

for this to be changed you need to delegate at least read/write permission
on the useraccountcontrol attribute

The "account is disabled" option is represented by a BIT/FLAG in the
useraccountcontrol attribute. That same attribute also contains other bits
that represent other options like "password never expires".

So to delegate the change of the option "account is disabled" to a group
(recommended) or user, you need to delegate the change to the
useraccountcontrol attribute (read permission and write permission). The
catch here is that by doing this you also allow the change of the other
BITS/FLAGS and that may be not desired by you.


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"elvecio" <elvecio@xxxxxxxxxxxxx> wrote in message
news:e3eQBW0KGHA.2304@xxxxxxxxxxxxxxxxxxxxxxx
We would like to make a Bat file to disable all accounts of a specific OU
at night. and it will be started by a person who isen't member of the
administrators group. So...

I would like to know if it's possible to create this bat and how???
I would like to know if a simple user can do this.....

If anybody could help me...

Elvecio.




.

Relevant Pages

  • Re: Security question
    ... When you delegate permissions to manage user accounts, ... the users in the group that were delegate the permission can not manage each ... the Account Operator as well as the domain admin group will ...
    (microsoft.public.windows.server.security)
  • Re: Security question
    ... When you delegate permissions to manage user accounts, ... the users in the group that were delegate the permission can not manage each ... the Account Operator as well as the domain admin group will ...
    (microsoft.public.win2000.security)
  • Re: Establish WHO can use WHAT application
    ... add a new group Group1 with Read/Execute permission to the ... 1st directory in Program Files, add a new group Group2 with Read/Execute ... permission to the 2nd directory in Program Files, ... and all subfolders/files for at least one of the Admin accounts (e.g. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: New users cannot access some parts of internal website
    ... permission on the folders where the data is at and everyone has the same ... I understand that the new accounts cannot ... Uninstall Internet Explorer Enhanced Security by unchecking the same. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Establish WHO can use WHAT application
    ... would really make More sense that these accounts be moved to the Power ... add a new group Group1 with Read/Execute permission to the ... > with Read/Execute permission to the 3rd directory in Program Files, ... > Administrators but be very very careful here ...
    (microsoft.public.windowsxp.security_admin)
Loading