• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 220
  • Last Modified:

Logon to XP workstations but can reset passwords on an 2003 domain

We have teachers that logon to various workstations in multiple rooms but they need to have an interface each time that will enable them to reset passwords in AD. We do not want them to have admin rights or logon to the server not even using remote. Any ideas how we can make this happen so that it starts when they logon?
0
AndyinJapan
Asked:
AndyinJapan
1 Solution
 
Share-ITCommented:
install the admin pack (adminpak.msi) on the client machines. Give them a short cut that points to dsa.msc.
Then give them the account operators rights on the AD.
0
 
KCTSCommented:
You can delegate control to them to allow them to change passwords and provide them with a custom taskpad
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
0
 
Chris DentPowerShell DeveloperCommented:

It depends how complicated you want  to get, and how simple it has to be for the teachers.

But you could potentially install the AdminPak on that machine which would give them AD Users and Computers. Creating a group and granting that group the "Reset Password" right on all user objects (or the ones you want them to be able to change).

Chris
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Chris DentPowerShell DeveloperCommented:

I would avoid Account Operators, they can create / delete accounts as well which seems more than you need?

Chris
0
 
ChiefITCommented:
If they have to reset their password each time they logon to a different location, it sounds like they may have passwords changed while logged on from a location or two. Or maybe they have managed passwords on some of these computers.

Really, there shouldn't be much of a need to reset passwords to that extent.
0
 
AndyinJapanAuthor Commented:
Hi all,
I can install the admin pack but the issue is with that solution is there are too many PC's to install it to. I had heard of someone setting up the admin pack or at lease something like that when that certain user logon they also got the admin pack installed. I'm not sure if this worked or not...

Many thanks for all your help...
Andy
0
 
Chris DentPowerShell DeveloperCommented:

It's an MSI file so you should be able to deploy it easily enough using Group Policy if necessary. There are instructions for doing that here:

http://support.microsoft.com/kb/816102

The only change I'd make is that I recommend using this to manage group policy rather than trying to do it through AD Users and Computers:

http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now