No announcement yet.

Delegate "Delete Computer object" to group

  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegate "Delete Computer object" to group


    I am trying to grant Delete Computer rights to a group. I tried granting "Delete Computer object" on the OU but that does not work. If followed this:

    but it doesn't let the users delete a computer object. If I select DELETE (check mark it under Allow) on the OU for that group, the users can remove computer object.

    I am worried that DELETE might be too much for that group, I want them to only have permission to delete computer objects, nothing else. Is there a way?



  • #2
    Re: Delegate "Delete Computer object" to group

    I haven't dug into this before but I think the issue is that computers can contain other objects (like printers and shares). You could try granting the delete permissions to computers, printers, and shares to see if that allows the users to delete the computers.

    Network Consultant/Engineer
    Baltimore - Washington area and beyond


    • #3
      Re: Delegate "Delete Computer object" to group

      Make sure that 'Protect object from accidental deletion' is not checked for the object.

      In ADUC under View enable Advanced features, then look at the Object tab on the Properties of the object and make sure the accidental deletion box is not ticked.

      If it is checked a message appears stating you do not have permission to delete the object if you try to delete it.
      A recent poll suggests that 6 out of 7 dwarfs are not happy