<div>
Make a list of actions you want them to do in AD and where these actions should be scoped to. For example, you may want them to have the create computer account permission under a specific OU.<br />
<br />
Then use the delegate control wizard to assign these permissions to their group.
</div>


Make a list of actions you want them to do in AD and where these actions should be scoped to. For example, you may want them to have the create computer account permission under a specific OU.

Then use the delegate control wizard to assign these permissions to their group.

<div>
What do you mean by IT-intern account, can you explain more. What are you trying to achieve?
</div>


What do you mean by IT-intern account, can you explain more. What are you trying to achieve?

<div>
To start off with... don't allow them to be administrators of their computers. Other then that they are pretty much like regular employees aren't they? There is no hard and fast rule as far as what you allow and what you don't. Each company is different. You sometimes have to decide and implement on the fly.
</div>


To start off with... don't allow them to be administrators of their computers. Other then that they are pretty much like regular employees aren't they? There is no hard and fast rule as far as what you allow and what you don't. Each company is different. You sometimes have to decide and implement on the fly.

<div>
<div class="content wysiwyg-content">
What is the best way to lock down IT-Intern accounts within active directory? I created a group and added them to group. At the root of AD, I went to security and modified IT-Intern group to only Read-Only, however not sure what else I should do. Is this the best way? Thoughts? Thanks.<br />
<br />
nimdatx
</div>
</div>


What is the best way to lock down IT-Intern accounts within active directory? I created a group and added them to group. At the root of AD, I went to security and modified IT-Intern group to only Read-Only, however not sure what else I should do. Is this the best way? Thoughts? Thanks.

nimdatx

Lock down IT Intern accounts

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Microsoft Windows XP is the sixth release of the NT series of operating systems, and was the first to be marketed in a variety of editions: XP Home and XP Professional, designed for business and power users. The advanced features in XP Professional are generally disabled in Home Edition, but are there and can be activated. There were two 64-bit editions, an embedded edition and a tablet edition.

Windows XP

IT Administration is the processes and best practices for programming and development, and incorporates methodologies for managing activities and projects. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, extreme programming and various types of agile methodology. The life-cycle "model" is a more general term for a category of methodologies, and a software development "process" a more specific term to refer to a specific process chosen by a specific organization.