Helpdesk user rights to change pwd and account lockouts

Posted on 2005-04-12
Last Modified: 2010-03-18
Good day all,

I am trying to find away to have our helpdesk do more of the tier 1 calls, like change passwords, unlock accounts, and add the ability for someone to login to a different PC.

Currently, they login as the domain admin to a domain controller and make the change, and I know this is bad and I want to change it, but I can't take away the ability for them to do these things.

Is there a set of rights I can assign to let them do this? or is there a way I can make an alternate Admin account and limit rights so that user can do less than the domain admin but still accomplish what I need?

We are a Win2k AD environment.
Question by:jayrod
    LVL 18

    Expert Comment

    LVL 3

    Author Comment

    Thanks luv2smile, that helped alot. I was able to accomplish the password reset.

    However, as I bounce around the net reading on the delegation, many different sites show the wizard with different roles, some just reset a password (what I had), some have Change password and force change on login, and some have long lists that you have to scroll through to see them all.

    Why is my list very short, only 5 entries? Is it like ADM's and GPO's where I can download some more tasks? I read through the list of "create your own task" and didnt' find much else in there.
    LVL 18

    Accepted Solution

    The other way to do delegation (gives you more options) is to just set the security permissions in AD to allow or disallow users access to specific things.
    LVL 3

    Author Comment

    Perfect luv2smile.

    I did not have a paid account for, but just signed up to check out the article, it is exactly what I needed, never heard of the dssec.dat file before in my research.


    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
    I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now