• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 227
  • Last Modified:

Server 2012 permissions

Hi, we have a third party company which looks after our 2nd level support for our server, and naturally they have to have admin rights to perform this task. However, is it possible to set it up that they can't reset passwords for users?
0
maxkelpie
Asked:
maxkelpie
2 Solutions
 
Kyle AbrahamsSenior .Net DeveloperCommented:
You can create a local admin account or grant their domain account local admin priveleges on the box in question.  They'd be able to reset passwords for local users on that box but not domain users.
0
 
becraigCommented:
You can group them all in one OU and then delegate permission to only reset passwords on their own OU.

Open ADUC  right click on OU you created and click on delegate control
Then follow the delegation control wizard to delegate the required permission (in this case password reset)
Simply click the button only the following object and check the users in that OU, then once in the permissions screen check the required option change password, reset password etc.

The wizard should be pretty intuitive.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now