Computing.Net > Forums > Windows Server 2003 > Admin Rights

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

Admin Rights

Reply to Message Icon
Original Message
Name: rajoo_sh
Date: April 14, 2008 at 21:35:00 Pacific
Subject: Admin Rights
OS: win2k3 server
CPU/Ram: core 2 duo 2.2
Model/Manufacturer: Intel (assembled machine)
Comment:

Hi,

In a win2k3 domain I want to assign only the domain user's password reset rights to a user, I don't want this user to even view the group policy of the organizational unit. And if possible the other properties of the user object, I want only the password reset option available or something very restrictive.

Regards


Report Offensive Message For Removal

Response Number 1
Name: Jestible
Date: April 15, 2008 at 08:02:03 Pacific
Subject: Admin Rights
Reply: (edit)

Huh, can you rephrase it or am I to slow to understand this question?

Holy Wow.


Report Offensive Follow Up For Removal

Response Number 2
Name: lordstorm
Date: April 15, 2008 at 12:53:08 Pacific
Subject: Admin Rights
Reply: (edit)

you can set each user to have the ability to renew their own password and you can also force the user to reset their password when they login the next time. This is all done in the Active Directory/User Properties/Account Tab/Account Options.


Report Offensive Follow Up For Removal

Response Number 3
Name: rajoo_sh
Date: April 15, 2008 at 22:11:17 Pacific
Subject: Admin Rights
Reply: (edit)

Off course I can rephrase it, I want to create an admin user who can reset passwords of other users in any Organizational unit using dsa.msc.

But this admin user should not be able to view the group policies or perform any other action except this password reset.

Its better I hope :-)


Report Offensive Follow Up For Removal

Response Number 4
Name: Glen
Date: April 16, 2008 at 09:56:00 Pacific
Subject: Admin Rights
Reply: (edit)

You can delegate admin rights to users. Open ADUC and right click on the OU. You'll have to do this per OU if you have several. Select Delegate Control. Go through the wizard. There is an option there that will only allow the resetting of passwords.

Good luck.


Report Offensive Follow Up For Removal







Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: Admin Rights

Comments:
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



Batch file hostname to dns

Routing and Remote Access

System Restore 50 gigs?

Remote Networking in Mac OS X 10.5

Locked out of Windows XP Pro

All Posts Awaiting Replies