Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

Delegation Control- Checking permissions and getting it working with new updates

We have a windows SBS Server 2003, with WSUS 3.1 installed. Previously we had delegated the sysadmin to take control over one Organizational Unit so he could take control over resetting of the passwords of the users in that particular OU. This seem to work all fine with ADMIN PACK 2003 installed on his machines until his machine and the server both were updates using the WSUS Server. His machine has now got XP SP3. Here are the 2 issues I am trying to solve -

1. The user that was delegated control can no longer reset passwords or disable/enable accounts for that OU. When he tried to do that, he gets an error saying - "Windows cannot disable object "%username%" because: insufficient access rights to perform the operation".
I have reassigned the delegation rights on that OU a couple of times with no luck. Also I have tried uninstalling and re-installing the admin pack on that machine.

2. I have checked the user permissions using ACL DIAG tool and the sys admin has got all the delegated permissions needed. What else can be the problem??

Also I just noted that he can create new users but cannot modify properties on existing user objects.
0
easynet07
Asked:
easynet07
1 Solution
 
KCTSCommented:
Make sure that there is no explicit DENY for the user
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now