Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Delegation Control- Checking permissions and getting it working with new updates

Posted on 2008-06-16
1
Medium Priority
?
246 Views
Last Modified: 2012-05-05
We have a windows SBS Server 2003, with WSUS 3.1 installed. Previously we had delegated the sysadmin to take control over one Organizational Unit so he could take control over resetting of the passwords of the users in that particular OU. This seem to work all fine with ADMIN PACK 2003 installed on his machines until his machine and the server both were updates using the WSUS Server. His machine has now got XP SP3. Here are the 2 issues I am trying to solve -

1. The user that was delegated control can no longer reset passwords or disable/enable accounts for that OU. When he tried to do that, he gets an error saying - "Windows cannot disable object "%username%" because: insufficient access rights to perform the operation".
I have reassigned the delegation rights on that OU a couple of times with no luck. Also I have tried uninstalling and re-installing the admin pack on that machine.

2. I have checked the user permissions using ACL DIAG tool and the sys admin has got all the delegated permissions needed. What else can be the problem??

Also I just noted that he can create new users but cannot modify properties on existing user objects.
0
Comment
Question by:easynet07
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 70

Accepted Solution

by:
KCTS earned 1000 total points
ID: 21798380
Make sure that there is no explicit DENY for the user
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question