No announcement yet.

Use of MMC for delegating admin task

  • Filter
  • Time
  • Show
Clear All
new posts

  • Use of MMC for delegating admin task

    Hello everyone, this is my first time in the forum so please consider I am a dummy.
    In my spare time I take care of managing a training room (pc laboratory) in a primary school.
    A win 2003 server SP1 with AD structure and XP SP2 clients is the enviroment I have to deal with.
    Because the young students forget their password quite often, I would appreciate to delegate the "resetting passwords of domain users" task to one teacher who isn't administrator in the network.
    I wouldn't like her to acces to the server; I understood that it should be possible to delegate this task to this specific user, creating a msc file she could run from her teacher desktop.
    Could you please confirm this is possible and it is the best way to approach this problem?

    Many thanks in advance


  • #2
    Re: Use of MMC for delegating admin task

    Create a Group called "Teachers". Add the teacher to the group. Find the OU with the pupils in it, right-click it, and select "Delegate Control". Use the wizard to allow the "Teachers" group to reset passwords for the Pupils' OU, and anything else you would like them to do.

    On the teacher's workstation, log in as the teacher. run "MMC" as the domain administrator, add "Active Directory Users and Computers" snap-in, and browse to the pupils' OU. Click "Action", "New window from here". Maximise the window. Click "File...Options". Select "Limited User Mode". Click "OK". Click "File...Save As" and save the console to the desktop.

    Close AD Users and Computers. Double-click the new console icon on the desktop and test that you can only see pupils and that you can reset their passwords.

    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you