You could just delegate the required permissions in AD for certain user accounts.
However if you want challenge response questions and the like, there are a lot of bits of software out there, although mostly they concentrate on self-service rather than helpdesk use. I've used Citrix Single Sign-On for this, but unless you've got Citrix Enterprise licenses already that wouldn't be very cost-effective....Google should find loads of different options in this arena. You could just delegate the permissions in AD and maybe create some custom AD attributes to quiz the users on before resetting their passwords, but I don't know whether accessing this information might be a bit of a PITA to configure. Cheers, JR On 2 October 2013 13:04, Jon D <[email protected]> wrote: > Upper management wants our helpdesk staff to be able to reset users AD > passwords. > I'm wondering what tool other people use for this type of situation. > These staff can't be trusted very much IMO, in general they don't seem to > care about security. > > Ideally I would like something with an audit trail, something that can > block out certain accounts from being reset, and maybe a challenge response > mechanism so they have to have the end-user answer a question or two before > it will reset their password. > > Does anyone know of or use any good tools out there like this? > > > Thanks, > Jon > > > -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk
