Solved

Delegation Control- Checking permissions and getting it working with new updates

Posted on 2008-06-16
1
243 Views
Last Modified: 2012-05-05
We have a windows SBS Server 2003, with WSUS 3.1 installed. Previously we had delegated the sysadmin to take control over one Organizational Unit so he could take control over resetting of the passwords of the users in that particular OU. This seem to work all fine with ADMIN PACK 2003 installed on his machines until his machine and the server both were updates using the WSUS Server. His machine has now got XP SP3. Here are the 2 issues I am trying to solve -

1. The user that was delegated control can no longer reset passwords or disable/enable accounts for that OU. When he tried to do that, he gets an error saying - "Windows cannot disable object "%username%" because: insufficient access rights to perform the operation".
I have reassigned the delegation rights on that OU a couple of times with no luck. Also I have tried uninstalling and re-installing the admin pack on that machine.

2. I have checked the user permissions using ACL DIAG tool and the sys admin has got all the delegated permissions needed. What else can be the problem??

Also I just noted that he can create new users but cannot modify properties on existing user objects.
0
Comment
Question by:easynet07
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 21798380
Make sure that there is no explicit DENY for the user
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question