Announcement

Collapse
No announcement yet.

Group Policy to Help desk agent

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy to Help desk agent

    Hi All,

    I am working as Helpdesk agent for a big firm and started learing AD. Let me explain my question:

    1.) I have access to AD in Server 2003 where i can perform only A/C unlocks and password reset but i cannot add users to any security groups

    2.) When users ask for permission to access any folder on a file server and when right click and go to properties of that folder, i cannot find the security tab.

    Because of the above i need to open a request to server team to fix the issue.
    May i know what kind of GPO my account is in ?

  • #2
    Re: Group Policy to Help desk agent

    A custom one, but you will need to ask the server team as they will have set them up
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Group Policy to Help desk agent

      Thanks for the reply.

      I have created a domain client environment at my home PC using the VM ware.
      I would like to set the user as helpdesk agent and need to give them restricted access in the AD as i do at work.

      Below is the requirement:

      1. Account unlock and password reset.
      2. Hide the security tab for all the folders in the file server and print server.


      Your help will be much appreciated !

      Comment


      • #4
        Re: Group Policy to Help desk agent

        Your user account at work might have permission to run rsop.msc which shows the results of all of the Group Policies applied to your user and computer. I would suggest speaking to your IT staff first though, as I have known some administrators to consider this a breach of their security policy (don't go there).
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Group Policy to Help desk agent

          have a look at the Delegation Wizard in AD.
          The Delegation Wizard can be used to delegate rights to a user, so your account would be delegated the rights to reset passwords for instance.

          This is very common in large organisations.
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Group Policy to Help desk agent

            Again thanking all for replies.

            May i know how to go to the delegation wizard ?

            At home i created two domains. One named server2.london.com (192.168.1.200) and another server1.sydney.com (192.168.1.100). I forwarded the IPs in both the domains and now i could access server1 from server2 and viceversa.

            I shared a folder in server2. Gave the permission to domain local security group called forestgroup in server2. Created global security group called opsmanager in server1.

            I am trying to add opsmanager group in server1.sydney.com to forestgroup so that a user in opsmanager can access files in shared folder in server2.london.com.

            Please help !
            Last edited by karthik1986; 20th December 2011, 17:45. Reason: grammer mistake

            Comment


            • #7
              Re: Group Policy to Help desk agent

              Are both domains in the same forest?
              If so, universal groups will help
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: Group Policy to Help desk agent

                if i create a universal group, i cannot choose it as security group.

                If i add any group created in server 1 to a group created in server 2, i cannot add it. it is not able to resolve groups or users from server1 domain to server2 domain.
                Last edited by karthik1986; 20th December 2011, 19:28. Reason: adding more info

                Comment


                • #9
                  Re: Group Policy to Help desk agent

                  Remember AGULP
                  Accounts (in domain 1) go into Global Groups in that domain
                  Global Groups go into a Universal Group (belongs to the forest)
                  GG goes into Domain Local group in domain 2
                  Permissions in domain 2 are granted to the DL group
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment

                  Working...
                  X