Solved

Restrict viewing of certain OU's in MMC.

Posted on 2007-03-19
4
930 Views
Last Modified: 2011-10-03
I have Active Directory installed on a Windows 2000 Server.  I have an OU named 'Agents'.  I would like to delegate administration of the 'Agents' OU to a select group of people, who are running Windows XP.  I assume I will need to install the Admin Tools for Windows Server 2003 on those delegates XP stations so they can run the 'Active Directory Users and Computers' snap-in.  I would like to prevent the people who I am delegating administration rights to from seeing any OU's other than the 'Agents' OU.  Please explain how I can accomplish this.

The link below delves into this same topic, but I don't understand the author's solution, specifically when he makes mention of "drilling down and creating a new sheet".

http://search.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21415128.html?sfQueryTermInfo=1+%22user+comput%22+restrict

0
Comment
Question by:CousinDupree
4 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 18750393
0
 

Accepted Solution

by:
CousinDupree earned 0 total points
ID: 18773036
I figured it out.  In case anyone else is interested:

[1] Start Microsoft Management Console (Start->Run  Type 'MMC' and press Enter).
[2] Press CTRL-M.  This will open the 'Add/Remove Snap-in' window.
[3] Click 'Add'.  This will open the 'Add Standalone Snap-in' window.
[4] Select the 'Active Directory Users and Computers' snap-in and click on the Add button.  (Admin Tools need to be installed on your machine from AdminPak.msi).  Click 'Close'.
[5] Click OK in the 'Add/Remove Snap-in' window.
[6] In the 'Console Root' window, navigate to the OU in question in the Console Root tree (the left pane).
[7] Right click on the OU and select 'New Window from Here'.  A new window will open and will be named the same as the OU.
[8] Close the original 'Console Root' window.
[9] On the menu across the top of the console, click on File->Options.  Change the Console mode to 'User mode - limited access, single window'.
[10] On the menu across the top of the console, click on View->Customize.  Uncheck 'Standard menus (Action and View)', 'Standard toolbar', and 'Toolbars'.  Click OK.
[11] Click File->Save-As and save the console.

It seems to work for me.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question