Solved

Active Directory Permission Group Issue

Posted on 2006-06-26
5
154 Views
Last Modified: 2013-12-04
Our organization has a group of Service Techs that are allowed to reset passwords, add computers to the domain, Make changes within their own OU but not other OU's. I am trying to set it so the service techs are not allowed to Create or Delete users but do everything else with in their own OU. Any suggestions on specific deny's?
0
Comment
Question by:phil1429
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Accepted Solution

by:
mteske earned 84 total points
ID: 16984983
Right click on the OU, select Delegate control, specify the Tech group and you can basically give them any permission needed to perform their tasks...you can get as finite as just allowing them to simply change fax numbers...of course, this is a wizard...

m
0
 
LVL 16

Assisted Solution

by:mdiglio
mdiglio earned 83 total points
ID: 16987141
Hello,

This will make more sense after you step through it once.

Open AD Users and Computers > click view > make sure 'Advanced Features' is checked
Right click on the OU > properties >  'security' tab > 'advanced' button.
Now locate the Tech Group and edit the listing that gives them the create ability.

You can give them the deny permission for creating user accounts like you said
or you can remove the create permission and that should be enough
0
 
LVL 9

Assisted Solution

by:rpartington
rpartington earned 83 total points
ID: 16996670
http://www.experts-exchange.com/Operating_Systems/Q_21605914.html
Same as the 2 above for a similar query amy help you understand it.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question