Solved

HelpDesk can only change passwords for certain OUs in Win2K3 domain

Posted on 2006-07-03
5
294 Views
Last Modified: 2010-04-18
I am trying to go back and figure out the work that a previous network administrator did for our company. Our helpdesk only has access to change the passwords for certain OUs in our domain. Some OUs give them an "Access Denied" error message.

I thought it might be a group policy setting, but this user is in an OU that has group policy blocked from propagating to them.

Any thoughts would be appreciated.
0
Comment
Question by:richardmoses
5 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 100 total points
ID: 17033282
i would say he has used the delegation of control wizard on each OU
0
 
LVL 1

Author Comment

by:richardmoses
ID: 17033345
Is there a way I can tell who already has control on each OU? When I run the wizard, it doesn't give me any users.
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 25 total points
ID: 17033688
rightclick on the OU and go to properties, then look at the security tab.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 17042790
i would agree with Jay_Jay.
the user might have permissions delegated.
to check for existing delegation you could use Acldiag.
i guess dsacl could also be used to check for existing delegations.
you could delegate permissions for a group (helpdesk) at the domain for performing certain functions and then add or remove users to and from the group as a best practice rathar then delegating to a particular user.
0
 
LVL 1

Author Comment

by:richardmoses
ID: 17042860
Thanks for the help...It looks like this is how he set it up. I have fixed accordingly.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now