That sounds dangerous. If you give him access to that server, particularly local logon access, you might as well just put him in the Enterprise Admin group and save both of you a few moments of work.
-ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On 9/20/05, van Donk, Fred <[EMAIL PROTECTED]> wrote: > I have a contractor in a remote site. There is only 1 server in that site > which is a DC. > > He needs to administer that server. > -Create shares > -Make file/share permissions > -Change user passwords in the User OU for that site. > > He is not allowed to log on to any other server is the domain. > > When I make him a "Server Operator" he can logon to any server in the > domain. > > Any idea on how to lock him down to that one server and then how to lock him > down on that one OU where he should only be allowed to change the passwords > of the users. > > Thanks! > Fred List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
