Agreed. Delegation is how we give rights to our external help desk for things such as password resets, account unlocks, etc.
Don Guyer Systems Engineer - Information Services Prudential, Fox & Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 [email protected] <mailto:[email protected]> From: David Lum [mailto:[email protected]] Sent: Thursday, December 03, 2009 10:31 AM To: NT System Admin Issues Subject: RE: AD users and computers +1 From: Christopher Bodnar [mailto:[email protected]] Sent: Thursday, December 03, 2009 5:59 AM To: NT System Admin Issues Subject: RE: AD users and computers With some experimentation you can get exactly what you want. The delegation wizard is the place to start and if that isn't sufficient modify the permissions directly. One thing to keep in mind is that by default this user or group won't be able to modify users in protected groups. In 2003 these are: Administrators Account Operators Server Operators Print Operators Backup Operators Domain Admins Schema Admins Enterprise Admins Cert Publishers But for what you are describing that probably won't be an issue. I'd suggest creating a group for this type of access, just in case you need to give it to someone else down the line. YMMV Chris Bodnar, MCSE Sr. Systems Engineer Infrastructure Service Delivery Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 ________________________________ From: Maglinger, Paul [mailto:[email protected]] Sent: Thursday, December 03, 2009 8:38 AM To: NT System Admin Issues Subject: RE: AD users and computers ADManager (not free) but pretty granular... From: Steve Ens [mailto:[email protected]] Sent: Wednesday, December 02, 2009 4:45 PM To: NT System Admin Issues Subject: AD users and computers I need to allow a receptionist the ability to add information like phone numbers, extensions, etc to AD. What's the easiest way? Install the adminpak on the station? I am drawing a blank as to where I give permissions to the individual. Any assistance appreciated. I don't want her to do any damage... ________________________________ This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
