Re: 2003 Server Client/Delegation and Data Issues
- From: "Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxx>
- Date: Tue, 11 Aug 2009 13:41:40 -0500
Different Jorge :-)
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.
"Diane" <Diane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8107B600-7927-42ED-A42D-4E44E33F0D42@xxxxxxxxxxxxxxxx
Thank you Paul. I will go through Jorge's blog plus the links he sent. I
agree with you re: the desktops. I tested the adminpak on an xp pro/sp3
desktop and ran into MMC conflicts with sp3. I had to remove it to enable
mmc to work. I plan to try again, however, these same folks also need the
ability to unlock the backup autoloader (when necessary) to change tapes
which is on the same server. For the time being, I thought I would
centralize their access.
Diane
"Paul Bergson [MVP-DS]" wrote:
Is there a reason you have them logging into a separate machine to manage
these accounts? They should be able to be controlled from their own
desktops.
I think Jorge's blog on this could help you out:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx
"Diane" <Diane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C7AA9E84-47F7-4D15-B604-8EEF6962AA77@xxxxxxxxxxxxxxxx
Windows 2000 DC, Win2003/sp2 member server with Adminpak for Windows Server
2003 sp2
I have been going 2 steps back and 3 forward on this, but now I seem to be
just going backwards. I have concluded that since I'm new to all this, I
may be missing some basic understanding of how this is supposed to work.
I want to delegate the ability to unlock user accounts to 3 non-technical
users in a firm. I have a global security group for the 3 users. On the OU
that I want these folks to be able to manage, I have delegated permissions
to the group (read/write lockout). I checked the security/advanced tab and
they appear to be assigned correctly.
The issue is on the Win2003 server. The goal is for them to be able to log
into the server with their own user accounts to access a very limited
console. However, after installing the adminpak for Winserver 2003/sp2,
just the admin tools, I noticed that in the administrator account the data
in the console is not up to date. For example, it shows an account as
locked out, when on the DC it is not (it had been at some point, but was
unlocked). Also, when I log in as one of the delegates, the unlock is
grayed out and also shows the same incorrect data as the admin account. I
had this working for just one of the delegates - then they wanted to add
more people. After I created the group and went to recreate my steps,
nothing worked. I have run dsrevoke on the DC and permissions appeared
correct to me. I have also installed and uninstalled the console, rebooted,
etc. to no avail. I have no idea what to try next and would greatly
appreciate guidance to get me going forward again.
Thank you,