Solved

Active Directory Permission Group Issue

Posted on 2006-06-26
5
146 Views
Last Modified: 2013-12-04
Our organization has a group of Service Techs that are allowed to reset passwords, add computers to the domain, Make changes within their own OU but not other OU's. I am trying to set it so the service techs are not allowed to Create or Delete users but do everything else with in their own OU. Any suggestions on specific deny's?
0
Comment
Question by:phil1429
5 Comments
 

Accepted Solution

by:
mteske earned 84 total points
ID: 16984983
Right click on the OU, select Delegate control, specify the Tech group and you can basically give them any permission needed to perform their tasks...you can get as finite as just allowing them to simply change fax numbers...of course, this is a wizard...

m
0
 
LVL 16

Assisted Solution

by:mdiglio
mdiglio earned 83 total points
ID: 16987141
Hello,

This will make more sense after you step through it once.

Open AD Users and Computers > click view > make sure 'Advanced Features' is checked
Right click on the OU > properties >  'security' tab > 'advanced' button.
Now locate the Tech Group and edit the listing that gives them the create ability.

You can give them the deny permission for creating user accounts like you said
or you can remove the create permission and that should be enough
0
 
LVL 9

Assisted Solution

by:rpartington
rpartington earned 83 total points
ID: 16996670
http://www.experts-exchange.com/Operating_Systems/Q_21605914.html
Same as the 2 above for a similar query amy help you understand it.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now