Helpdesk user rights to change pwd and account lockouts
Posted on 2005-04-12
Good day all,
I am trying to find a way to have our helpdesk do more of the tier 1 calls, like change passwords, unlock accounts, and add the ability for someone to log in to a different PC.
Currently, they log in as the domain admin to a domain controller and make the change, and I know this is bad and I want to change it, but I can't take away the ability for them to do these things.
Is there a set of rights I can assign to let them do this? Or is there a way I can make an alternate Admin account and limit rights so that user can do less than the domain admin but still accomplish what I need?
We are a Win2k AD environment.