Solved

What rights do student helpdesk staff need to administer user objects in AD?

Posted on 2006-07-10
1
225 Views
Last Modified: 2013-12-04
I am the administrator for a high school, and beginning this year, I will have several students working with my manning a helpdesk.  We run a Windows 2003 network.

I would like them to be able to reset passwords, add/remove group assignments, modify user object properties (name, etc), and printer assignments.

Does anyone know of any built-in security groups of policies that will allow this to happen easily?

Thank you!
Scott Sandstrom
0
Comment
Question by:scsandstrom
1 Comment
 
LVL 19

Accepted Solution

by:
CoccoBill earned 50 total points
ID: 17080253
Create new domain local security group and delegate it the desired permissions, but make sure you ONLY grant the permission to an OU containing regular user accounts, NOT admin/service accounts or groups. This can be easily done, but the printer assignments is a bit more complicated. There is the built-in group Printer Admins, but that gives them also the permission to modify print queues and printer drivers. If you just want them to be able to reset printer queues and delete pending jobs, publish all your network printers in the AD, do a search for all printer objects and select them all, and you can give them just the limited rights through right click->properties->security.

Step-by-Step Guide to Using the Delegation of Control Wizard
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx#ELD

Securing Active Directory Administrative Groups and Accounts
http://www.microsoft.com/technet/security/topics/networksecurity/sec_ad_admin_groups.mspx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now