Solved

Assigning certain privilages

Posted on 2004-09-25
1
189 Views
Last Modified: 2013-12-04
I have a windows 2000 server.  Actually I have many of them.  I have a help desk.  Now the help desk has almost domain admin rights.  I have users that forget their password a lot so we let the help desk unlock them and reset their password and all.  I also have a group of about 355 people that have the same rights as the helpdesk.  Except when they lock themselves out the help desk can not unlock them and they have to call me and my 5 man team.  Is there a way I can give the help desk permission to unlock all type of accounts without giving them domain admins?

Thanks
John
0
Comment
Question by:John Sheehy
1 Comment
 
LVL 84

Accepted Solution

by:
oBdA earned 350 total points
ID: 12150587
You can give them only the basic permissions they need, and even give them a customized MMC task pad that doesn't leave much room for errand clicks; check out these articles:

HOW TO: Delegate Administrative Authority in Windows 2000
http://support.microsoft.com/?kbid=315676

HOW TO: Create and Edit a Taskpad View in a Saved MMC Console in Windows 2000
http://support.microsoft.com/?kbid=321143

Default Security Concerns in Active Directory Delegation
http://support.microsoft.com/?kbid=235531

Delegate Control Wizard Cannot Be Used to Remove Groups or Users
http://support.microsoft.com/?kbid=229873

Administrative Tool Menu Is Sensitive to User's Permissions
http://support.microsoft.com/?kbid=214739

Active Directory Database Size and Delegation Access Rights
http://support.microsoft.com/?kbid=197054

How To Delegate the Unlock Account Right
http://support.microsoft.com/?kbid=294952
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OSSEC, can't pull in System and Application logs. 11 114
how to mitigate against $ theft from ATM machines 5 140
SID change in file permissions 3 136
suspending the anti virus 6 139
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question