Solved

set password

Posted on 2001-08-30
9
150 Views
Last Modified: 2010-04-13
How can I prevent another administrator from managing paswords?
0
Comment
Question by:Enej
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 8

Expert Comment

by:engeltje
Comment Utility
By not adding the user to administrators, but just normal users with explicit rights of what he can do.
When modyfying passwords is not authorised, the user must be a power user, not an admin.
0
 

Accepted Solution

by:
msctec earned 20 total points
Comment Utility
If you are using 200 do the following

Create a GPO that specifices password changes
Link the GPO to the domain , site or OU you are using
Use the filter policy for in the GPO and place the deny permission against the user in question
This will allow him/her to do all other admin tasks except change passwords
0
 
LVL 17

Expert Comment

by:mikecr
Comment Utility
It would be much much easier to go into AD Users and Computers, right click on the Domain and choose Delegate and walk thru the wizard and just delegate authority to what you would like him to do. This way he can be a regular user but you can give him everything but the power to change passwords and you don't have to set up a policy to do it.
0
 

Expert Comment

by:msctec
Comment Utility
Mikecr - if the user is still needes to be in the administrators group then I am not sure what you are suggesting would work. Unless a specific deny is placed then wouldn't the permissions be cumulative and therefore any delegation be ignored if no specific deny was placed.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 17

Expert Comment

by:mikecr
Comment Utility
If you create joe blow user and the only thing he is is a domain user and you delegate tasks to him, you are effectively giving him the right to perform that task and that task only without adding to or detracting from. I like policies too, don't get me wrong, but I personally wouldn't create one for only a couple people that needed a little more power to do something. Delegation is a good way to go without going thru the mess of creating a policy that you will need to change by adding and removing people from.
0
 

Expert Comment

by:kupriaa1
Comment Utility
You can also use the ADSI edit located on the Advanced servicer disk in the reskit folder.  Go into the domain partition and deny the user the ability to manage passwords.  They can still be an administrator without password management
0
 
LVL 1

Expert Comment

by:Moondancer
Comment Utility
ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if they are still open in 14 days.  Experts, please post closing recommendations before that time.

Below are your open questions as of today.  Questions which have been inactive for 21 days or longer are considered to be abandoned and for those, your options are:
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click you Member Profile to view your question history and please keep them updated. If you are a KnowledgePro user, use the Power Search option to find them.  

Questions which are LOCKED with a Proposed Answer but do not help you, should be rejected with comments added.  When you grade the question less than an A, please comment as to why.  This helps all involved, as well as others who may access this item in the future.  PLEASE DO NOT AWARD POINTS TO ME.

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.20169680.html
http://www.experts-exchange.com/questions/Q.20176191.html
http://www.experts-exchange.com/questions/Q.20294298.html



*****  E X P E R T S    P L E A S E  ******  Leave your closing recommendations.
If you are interested in the cleanup effort, please click this link
http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643
POINTS FOR EXPERTS awaiting comments are listed in the link below
http://www.experts-exchange.com/commspt/Q.20277028.html
 
Moderators will finalize this question if in @14 days Asker has not responded.  This will be moved to the PAQ (Previously Asked Questions) at zero points, deleted or awarded.
 
Thanks everyone.
Moondancer
Moderator @ Experts Exchange
0
 

Author Comment

by:Enej
Comment Utility
will do ...T.
0
 
LVL 1

Expert Comment

by:Moondancer
Comment Utility
Thank you for returning and finalizing this.
Moondancer - EE Moderator
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
auto copy 8 610
Migrate DFS role 3 710
Outlook 2013 Certicate error 1 281
Locking down a taskpad 1 141
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now