Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Active Directory Permission Group Issue

Posted on 2006-06-26
5
Medium Priority
?
156 Views
Last Modified: 2013-12-04
Our organization has a group of Service Techs that are allowed to reset passwords, add computers to the domain, Make changes within their own OU but not other OU's. I am trying to set it so the service techs are not allowed to Create or Delete users but do everything else with in their own OU. Any suggestions on specific deny's?
0
Comment
Question by:phil1429
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Accepted Solution

by:
mteske earned 336 total points
ID: 16984983
Right click on the OU, select Delegate control, specify the Tech group and you can basically give them any permission needed to perform their tasks...you can get as finite as just allowing them to simply change fax numbers...of course, this is a wizard...

m
0
 
LVL 16

Assisted Solution

by:mdiglio
mdiglio earned 332 total points
ID: 16987141
Hello,

This will make more sense after you step through it once.

Open AD Users and Computers > click view > make sure 'Advanced Features' is checked
Right click on the OU > properties >  'security' tab > 'advanced' button.
Now locate the Tech Group and edit the listing that gives them the create ability.

You can give them the deny permission for creating user accounts like you said
or you can remove the create permission and that should be enough
0
 
LVL 9

Assisted Solution

by:rpartington
rpartington earned 332 total points
ID: 16996670
http://www.experts-exchange.com/Operating_Systems/Q_21605914.html
Same as the 2 above for a similar query amy help you understand it.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question