Re: Enable non-admin users to access member servers or client PC

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: Kent <Kent@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 24 Jul 2008 21:54:00 -0700

---

Thanks guys for all the input...the solution works well ;)
But i just hit with an issue on delegation.

I've given FULL right via delegation for Helpdesk to modify user account
info/reset password. However, there are only a certain accounts that can be
modified by them. Any reason this is not working for all? FYI, all the
accounts are in the same OU...so it should be working.



"Meinolf Weber" wrote:

Hello Kent,

1. For a full troubleshooting on client they need local admin rights, you
can do it this way: http://www.frickelsoft.net/blog/?p=13
5. To manage print queues grant them the right "Manage Printers" under the
printer properties.
6. Use a special domain group which has Full control on the folder where
they should work and make sure inheritance is used to get the rights also
deeper in the folder structure.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hello,
I would like to restructure my AD user permission.
Non-Admin users like helpdesk will be performing:
1. Troubleshoot on client machine
2. Health check on member servers
3. Reset user password
4. Add/Delete/Modify user account info
5. Manage print queue
6. Modify file servers folder permission
What i've done thus far:
1. Add helpdesk users to Remote Desktop Users group
2. Enable Restricted Groups for Remote Desktop Users group
3. Enable delegation to perform Modification to users account
info/reset
user password
The thing that i did can solve item 2, 3 & 4
Item 1, 5 & 6 are not successful because Helpdesk does not belongs to
Admin
groups like Domain Admins, Administrators, etc.
Any advice on how to do this correctly?
Thanks in advance.

.

---

• Follow-Ups:
  • Re: Enable non-admin users to access member servers or client PC
    • From: Meinolf Weber

• References:
  • Re: Enable non-admin users to access member servers or client PC
    • From: Meinolf Weber

• Prev by Date: Re: Best Practice AD install
• Next by Date: .©©©©©©© -- Actress Secret BOTH ROOM scenes -- ©©©©
• Previous by thread: Re: Enable non-admin users to access member servers or client PC
• Next by thread: Re: Enable non-admin users to access member servers or client PC
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: local admin/ domain admin ... the lines of "perform common helpdesk tasks". ... passwords, for instance. ... check out "delegation" in AD. ... You'll also want to drop the admin accounts, service accounts, etc. into ... (Security-Basics) Re: Joining Computers to Domain ... It's a Custom task ... > Also, an afterthought on my personal user account, ... >>What delegation did you give the user account? ... >>Derek Melber ... (microsoft.public.windows.group_policy) Delegation ... mehrmaligem falsch anmelden vom System gesperrt werden, wieder freischalten ... Ich habe hierzu eine Gruppe angelegt und die Delegation durchgeführt. ... Der Helpdesk kann in der Registerkarte "Account" alles ... (microsoft.public.de.german.win2000.active_directory) RE: local admin/ domain admin ... you can do this via Delegation. ... of your helpdesk personal into that group then delegate the OU that has ... all of your users and/or machine accounts to the group that you created ... administrators password.. ... (Security-Basics)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2008-07