• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 157
  • Last Modified:

Active Directory Permission Group Issue

Our organization has a group of Service Techs that are allowed to reset passwords, add computers to the domain, Make changes within their own OU but not other OU's. I am trying to set it so the service techs are not allowed to Create or Delete users but do everything else with in their own OU. Any suggestions on specific deny's?
0
phil1429
Asked:
phil1429
3 Solutions
 
mteskeCommented:
Right click on the OU, select Delegate control, specify the Tech group and you can basically give them any permission needed to perform their tasks...you can get as finite as just allowing them to simply change fax numbers...of course, this is a wizard...

m
0
 
mdiglioCommented:
Hello,

This will make more sense after you step through it once.

Open AD Users and Computers > click view > make sure 'Advanced Features' is checked
Right click on the OU > properties >  'security' tab > 'advanced' button.
Now locate the Tech Group and edit the listing that gives them the create ability.

You can give them the deny permission for creating user accounts like you said
or you can remove the create permission and that should be enough
0
 
rpartingtonCommented:
http://www.experts-exchange.com/Operating_Systems/Q_21605914.html
Same as the 2 above for a similar query amy help you understand it.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now