[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 618
  • Last Modified:

Install Active Directory Users and Computers on Desktop PC with Password reset and unlock access

Our Servers are
Windows Server 2008 R2 Starndard 64 bits

All Desktops are
Windows 7 32 bits

I want to Install Active Directory Users and Computers on Desktop PC with Password reset and unlock rights only on one of my staff's machine.

How can i do it?

Thanks in advance.
0
propertyozadmin
Asked:
propertyozadmin
  • 2
  • 2
  • 2
  • +1
2 Solutions
 
g000seCommented:
Hi, install AD tools on the computer.  In the AD group policy modify it to limit the staff to password reset and unlock rights.
0
 
motnahp00Commented:
You will have to install RSAT to get ADUC on a workstation.

As for the password reset, delegate control on the OU and grant a user or security group "Reset user passwords and force password change next logon" permissions."
0
 
g000seCommented:
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
propertyozadminAuthor Commented:
Thanks Guys,

I have mananged download RSAT and installed on my desktop.( My login is member of domain admin group)

I think i will have no problem installing it on user's PC who is not domain administrator.
I am still not sure how to restrict that user to be able to just reset password and unlock account of other users. (really need to make sure he can't delete users and make other changes)

Do i need to set it up on domain Group policy ??
How do i set it up?

Help pls
0
 
robdlCommented:
I would shy away from installing RSAT on users desktops and giving them ANY access to ADUC. There are plenty of affordable and free Password Self Service solutions available.

If you enable users in AD to be able to change their own passwords, they can do it right from the login screen by clicking on 'Reset Password' (unlocking an account does not work).

If I may reccomend a product, I've been using Anixis Password Reset. It's definitely affordable.

http://anixis.com/products/apr/default.htm
0
 
motnahp00Commented:
You do not need a GPO. Delegate control on the OU and grant a user or security group "Reset user passwords and force password change next logon" permissions.
0
 
propertyozadminAuthor Commented:
Hi robdl / motnahp00,

Thanks for your suggestions.

But,
I think i didn't make myself clear. I want to install RSAT on just 1 user's computer so he can reset/unlock account for all users with our organisation. I want him to be point of contact for all our staff in case of account lock out or if password reset requied. But i need to make sure he can't make any other changes through Active directory uses and computer.

Suggestions Please....
0
 
robdlCommented:
Only install the necessary components through RSAT and give him the permissions on each container through Delagate Control. Here is a link that applies to 2008 also:

http://technet.microsoft.com/en-us/library/cc775585(v=ws.10).aspx
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now