Helpdesk user rights to change pwd and account lockouts

Posted on 2005-04-12
Medium Priority
Last Modified: 2010-03-18
Good day all,

I am trying to find away to have our helpdesk do more of the tier 1 calls, like change passwords, unlock accounts, and add the ability for someone to login to a different PC.

Currently, they login as the domain admin to a domain controller and make the change, and I know this is bad and I want to change it, but I can't take away the ability for them to do these things.

Is there a set of rights I can assign to let them do this? or is there a way I can make an alternate Admin account and limit rights so that user can do less than the domain admin but still accomplish what I need?

We are a Win2k AD environment.
Question by:jayrod
  • 2
  • 2

Author Comment

ID: 13761945
Thanks luv2smile, that helped alot. I was able to accomplish the password reset.

However, as I bounce around the net reading on the delegation, many different sites show the wizard with different roles, some just reset a password (what I had), some have Change password and force change on login, and some have long lists that you have to scroll through to see them all.

Why is my list very short, only 5 entries? Is it like ADM's and GPO's where I can download some more tasks? I read through the list of "create your own task" and didnt' find much else in there.
LVL 18

Accepted Solution

luv2smile earned 2000 total points
ID: 13762269
The other way to do delegation (gives you more options) is to just set the security permissions in AD to allow or disallow users access to specific things.


Author Comment

ID: 13763570
Perfect luv2smile.

I did not have a paid account for windowsitpro.com, but just signed up to check out the article, it is exactly what I needed, never heard of the dssec.dat file before in my research.


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question