Announcement

Collapse
No announcement yet.

Delegation Rights

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegation Rights

    I've created a delegation group.. which has been working well. However recently my Helpdesk staff has said they've been unable to reset certian user accounts. Sure enough when I login using an account in the Helpdesk group I also cannot reset certian accounts.

    My question is why is this like this? Same OU's.. only some users are not editable where others are.

  • #2
    Re: Delegation Rights

    Hello There, what Windows Server you are using ? have you checked if it's not in Read-Only mode ? or protected mode ? Tell us a little bit of you current settings.

    Regards
    Kevin

    Comment


    • #3
      Re: Delegation Rights

      Thanks for the reply Kevin. This is Windows Server 2003.

      How can I go about checking about Read-Only/Protected mode?

      Comment


      • #4
        Re: Delegation Rights

        Hey there, in win2003 i dont know if that option is available. in win2008 it is, but anyway i think it's only to protect for accidental delete. So back to the begining. Thos users are in the same OU, but all of them are in the same group ? they are all member of the same group ? Is it always the same users that you cannot reset? or it's random ?

        Regards
        Kevin

        Comment


        • #5
          Re: Delegation Rights

          As far as I can tell it's the same group of users. For example: two users in the same OU. Both are members of the same 4 groups. The only exception is one user is a member of one printer group, while the other is a member of a different printer group. However one is editable, and the other is not.

          Comment


          • #6
            Re: Delegation Rights

            Also if I view the Effective Permissions for my Helpdesk user, one account has all the needed permissions (List Contents, Read/Write All Properties, Delete, etc.) while the other account has only List Contents, Read All Properties.. and a few more.

            This is the same OU.

            Comment


            • #7
              Re: Delegation Rights

              Well, do you have only one helpdesk user? probably who created the user created with the wrong permitions?. Probably it's a problem beyond my brain. Let's see if any of the experienced user in active directory gives an opinion.
              Next time dont write a new post, just edit the last post and add what you want to say so that this doesen't get to big. Sorry for not helping you more.

              Regards
              Kevin

              Comment


              • #8
                Re: Delegation Rights

                hmm.. interestingly enough I found that "Allow inheritable permissions.." was disabled on the non-editable accounts. After enabling this setting, my Helpdesk account can now edit.

                Glad it's working.. however why did this happen? And is there a way to check all the accounts or will I have to go down the domain one user at a time?

                Comment


                • #9
                  Re: Delegation Rights

                  Well, what i can say, probably the way you ticked that option, somebody unticked. I dont really know if it's possible to do it with a group of users. create 2 ou 3 test users and see if it's possible...but i don't thinl so. Glad you solved it out.

                  Regards
                  Kevin

                  Comment


                  • #10
                    Re: Delegation Rights

                    Just another reason why I'm restricting the Helpdesk! Thanks again for the help Kevin.

                    Comment

                    Working...
                    X