Solved

Install Active Directory Users and Computers on Desktop PC with Password reset and unlock access

Posted on 2012-04-10
8
608 Views
Last Modified: 2012-04-22
Our Servers are
Windows Server 2008 R2 Starndard 64 bits

All Desktops are
Windows 7 32 bits

I want to Install Active Directory Users and Computers on Desktop PC with Password reset and unlock rights only on one of my staff's machine.

How can i do it?

Thanks in advance.
0
Comment
Question by:propertyozadmin
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 11

Expert Comment

by:g000se
ID: 37830634
Hi, install AD tools on the computer.  In the AD group policy modify it to limit the staff to password reset and unlock rights.
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37830641
You will have to install RSAT to get ADUC on a workstation.

As for the password reset, delegate control on the OU and grant a user or security group "Reset user passwords and force password change next logon" permissions."
0
 
LVL 11

Assisted Solution

by:g000se
g000se earned 250 total points
ID: 37830669
0
 

Author Comment

by:propertyozadmin
ID: 37831154
Thanks Guys,

I have mananged download RSAT and installed on my desktop.( My login is member of domain admin group)

I think i will have no problem installing it on user's PC who is not domain administrator.
I am still not sure how to restrict that user to be able to just reset password and unlock account of other users. (really need to make sure he can't delete users and make other changes)

Do i need to set it up on domain Group policy ??
How do i set it up?

Help pls
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 2

Expert Comment

by:robdl
ID: 37832006
I would shy away from installing RSAT on users desktops and giving them ANY access to ADUC. There are plenty of affordable and free Password Self Service solutions available.

If you enable users in AD to be able to change their own passwords, they can do it right from the login screen by clicking on 'Reset Password' (unlocking an account does not work).

If I may reccomend a product, I've been using Anixis Password Reset. It's definitely affordable.

http://anixis.com/products/apr/default.htm
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37832025
You do not need a GPO. Delegate control on the OU and grant a user or security group "Reset user passwords and force password change next logon" permissions.
0
 

Author Comment

by:propertyozadmin
ID: 37835367
Hi robdl / motnahp00,

Thanks for your suggestions.

But,
I think i didn't make myself clear. I want to install RSAT on just 1 user's computer so he can reset/unlock account for all users with our organisation. I want him to be point of contact for all our staff in case of account lock out or if password reset requied. But i need to make sure he can't make any other changes through Active directory uses and computer.

Suggestions Please....
0
 
LVL 2

Accepted Solution

by:
robdl earned 250 total points
ID: 37836853
Only install the necessary components through RSAT and give him the permissions on each container through Delagate Control. Here is a link that applies to 2008 also:

http://technet.microsoft.com/en-us/library/cc775585(v=ws.10).aspx
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now