Account Operator Security Rights
- From: "David G. Hoch" <dhoch@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 1 Jul 2008 14:05:47 -0400
This is a question of curiosity more than anything else, since the problem
has been resolved.
I'm running Windows Server 2003 SBS.
I wanted to give a user the ability to modify members of E-Mail Distribution
lists which are created as ActiveDirectory Security Groups with Exchange
E-Mail addresses.
In AD Users and Computers, I opened the secuirty group that I wanted to
allow changes to and looked at the Security tab. "Account Operators" was
already included on that tab with "Full Control" rights.
I added the user who would be making the changes to the "Account Operators"
group, and expected this would permit them to make changes to that list.
When the user tested this they got a message stating that they did not have
security permissions to make changes to the list. As a note, the user had
logged off and back on after the change to their account.
Next, I added the individual user to the Security tab of the list, and gave
that user "Full Control". Once that was done the user is able to make
changes successfully.
I'm curious why the rights didn't flow through the Account Operators group
to provide the user with the rights they needed. I prefer to never assign
individual users explicit rights to anything. Rather I like to assign users
to groups and give groups rights. In this case that didn't seem to work.
Any thoughts on why that might be?
Thanks,
--David
.
- Follow-Ups:
- Re: Account Operator Security Rights
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: Account Operator Security Rights
- Prev by Date: Re: After changing minPwdLength using ADSIEDIT, we get 1202 errors
- Next by Date: Re: Account Operator Security Rights
- Previous by thread: Re: After changing minPwdLength using ADSIEDIT, we get 1202 errors
- Next by thread: Re: Account Operator Security Rights
- Index(es):
Relevant Pages
|
