Re: Delegation issue
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 22 Sep 2006 01:36:23 -0500
<tornado579@xxxxxxxxx> wrote in message
news:1158893323.542531.237330@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi group,
I am looking to delegate few of the activities like resetting passwords
and unlocking the accounts etc to the helpdek folks. I guess this can
be done with delegation wizard.
Sure, or even by making them Account Operators for the entire
domain (well, almost*).
But at the same time i want to ensure that they dont have the rights to
change the folder/files permissions and shutdown the server system. Is
there any way i can possibly acheive this ?
*Account Operators can actually logon to servers and (IIRC) shut
them down (not sure about the latter), but in generally granting specific
rights or permissions IS NOT going to let anyone change the permissions
on NTFS objects.
This latter is not quite true due to some bugs/features where if you
are an admin (or have enough power to install device drivers for
instance) there are ways around security.
Any inputs will be of great help.
Delegation wizard will do what you want probably. After that
you must use specific object permissions (rather than the simple
convenience of the permissions.)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks,
John
.
- Follow-Ups:
- Re: Delegation issue
- From: tornado579
- Re: Delegation issue
- References:
- Delegation issue
- From: tornado579
- Delegation issue
- Prev by Date: Re: Delegation issue
- Next by Date: Re: HELP!!! Demoted DC and Log-On Problems
- Previous by thread: Re: Delegation issue
- Next by thread: Re: Delegation issue
- Index(es):
Relevant Pages
|
