Solved

Restricted User Administrator

Posted on 2013-11-04
1
314 Views
Last Modified: 2013-11-06
We would like to create a security group for a set of users to have restricted user administration privileges.

Right now we have it so that (pretty much like default) Win 7 users can go to 'Network Locations' from 'My Computer' and click the 'Search Active Directory' tab. From there they can find their account and modify only their first 2 tabs of information.

We would like to make a security group where members of that group can search for any user and modify those first two tabs of information (and one of the 3rd). This would allow us to bypass installing  RSAT / ADUC for each of the members of that security group.

I have not been able to find an accurate listing of which permissions would allow this as we want to only allow the minimum amount of extra changes.

Here is a specific list of the fields we want the users to be able to modify:

General Tab - First Name, Last Name, Display Name, Telephone, Email, Home Page
Address Tab - Street, PO Box, City, Zip/Postal Code, Country/region
Business Tab - Office

Any help would be greatly appreciated! As this is for a number of users I want to make sure we implement only the proper permissions and don't end up with issues down the line.

Thanks!!!
0
Comment
Question by:PDGPA
1 Comment
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Comment Utility
You can give that group permissions to specific attributes.  The screenshot below is from the delegation control wizard (custom task).  You can also modify the ACL

Delegate
Thanks

Mike
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now