We have had problems with Help Desk techs “copying” a user in Active Directory
to set up a new user that is very similar in roles to an existing user.
However, they don’t always look over the Memberships closely enough and
sometimes an employee that was “copied” from an existing employee in AD had
permissions they shouldn’t. I have put in a new policy that copying a user in
AD is no longer allowed and that all new users must be setup from scratch. Is
there a way to enforce this in AD? I would like for the Help Desk to be able
to create new users, delete users, edit users, just not copy users. Can this
be done?
~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~
~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
