RE: [ActiveDir] Delegation

[Lucas, Bryan]

Title: Message

I’ve recently joined this list and didn’t see this post.  Is there any list (official or unofficial) that details what permissions are necessary to delegate certain tasks?   Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David Sent: Thursday, March 02, 2006 5:53 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Delegation   I remember seeing a posting that listed the ACLs required on User objects so that a Help Desk could perform duties such as resetting password, unlocking accounts etc.   The posting mentioned the following permissions:   * allow Reset Password permission for user objects-grants permission to reset an account's password * allow Write lockoutTime permission for user objects-grants permission to unlock an account * allow Write pwdLastSet permission for user objects-grants permission to set User must change password at next logon account property * allow Read AccountRestrictions permission for user objects-grants permission to read all account options Can someone explain what the last permission is actually providing or allowing to be Read?  If this permissions is not set I can still click the Account tab of a user account and view the state of the account options.     Regards David **************************************************************************** This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. ****************************************************************************