Solved

Restricted User Administrator

Posted on 2013-11-04
1
320 Views
Last Modified: 2013-11-06
We would like to create a security group for a set of users to have restricted user administration privileges.

Right now we have it so that (pretty much like default) Win 7 users can go to 'Network Locations' from 'My Computer' and click the 'Search Active Directory' tab. From there they can find their account and modify only their first 2 tabs of information.

We would like to make a security group where members of that group can search for any user and modify those first two tabs of information (and one of the 3rd). This would allow us to bypass installing  RSAT / ADUC for each of the members of that security group.

I have not been able to find an accurate listing of which permissions would allow this as we want to only allow the minimum amount of extra changes.

Here is a specific list of the fields we want the users to be able to modify:

General Tab - First Name, Last Name, Display Name, Telephone, Email, Home Page
Address Tab - Street, PO Box, City, Zip/Postal Code, Country/region
Business Tab - Office

Any help would be greatly appreciated! As this is for a number of users I want to make sure we implement only the proper permissions and don't end up with issues down the line.

Thanks!!!
0
Comment
Question by:PDGPA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39622552
You can give that group permissions to specific attributes.  The screenshot below is from the delegation control wizard (custom task).  You can also modify the ACL

Delegate
Thanks

Mike
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Determining the an SCCM package name from the Package ID
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question