User rights?

  • Thread starter Thread starter KA Kueh
  • Start date Start date
K

KA Kueh

Guest
Dear all,

I need to allow one technical staff the ability to only manage users account
in my domain? What is the appropriate user rights/permission that I should
give for that the work? FYI, I do not want to assign the user as
Administrator or Administrator group. thanks.

Regards,
Kueh.
 
Re: User rights?

KA Kueh <KAKueh@hotmail.com> wrote:
> Dear all,
>
> I need to allow one technical staff the ability to only manage users
> account in my domain? What is the appropriate user rights/permission
> that I should give for that the work? FYI, I do not want to assign
> the user as Administrator or Administrator group. thanks.
>
> Regards,
> Kueh.

Use AD delegation. Rather than doing this for one user, I would instead
delegate rights to an AD security group (called "Helpdesk" or something) and
make the user a member of that group.
http://windowsitpro.com/article/articleid/45841/ad-delegation-eases-administration.html
may help you get started.

Then, if they have the admin tools on their workstation, you can set up a
custom MMC taskpad for them to do what they need, such as change passwords,
etc.

http://www.petri.co.il/create_taskpads_for_ad_operations.htm may help.
 
Re: User rights?

Hi,

Thanks for the info. I will take a look. Thanks.

Regards,
Kueh.


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:e4s%23%23OtpIHA.4884@TK2MSFTNGP06.phx.gbl...
> KA Kueh <KAKueh@hotmail.com> wrote:
>> Dear all,
>>
>> I need to allow one technical staff the ability to only manage users
>> account in my domain? What is the appropriate user rights/permission
>> that I should give for that the work? FYI, I do not want to assign
>> the user as Administrator or Administrator group. thanks.
>>
>> Regards,
>> Kueh.
>
> Use AD delegation. Rather than doing this for one user, I would instead
> delegate rights to an AD security group (called "Helpdesk" or something)
> and make the user a member of that group.
> http://windowsitpro.com/article/articleid/45841/ad-delegation-eases-administration.html
> may help you get started.
>
> Then, if they have the admin tools on their workstation, you can set up a
> custom MMC taskpad for them to do what they need, such as change
> passwords, etc.
>
> http://www.petri.co.il/create_taskpads_for_ad_operations.htm may help.
>
 
Re: User rights?

KA Kueh <kka@ksm.com.my> wrote:
> Hi,
>
> Thanks for the info. I will take a look. Thanks.
>
> Regards,
> Kueh.

You're welcome - good luck.
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:e4s%23%23OtpIHA.4884@TK2MSFTNGP06.phx.gbl...
>> KA Kueh <KAKueh@hotmail.com> wrote:
>>> Dear all,
>>>
>>> I need to allow one technical staff the ability to only manage users
>>> account in my domain? What is the appropriate user
>>> rights/permission that I should give for that the work? FYI, I do
>>> not want to assign the user as Administrator or Administrator
>>> group. thanks. Regards,
>>> Kueh.
>>
>> Use AD delegation. Rather than doing this for one user, I would
>> instead delegate rights to an AD security group (called "Helpdesk"
>> or something) and make the user a member of that group.
>> http://windowsitpro.com/article/articleid/45841/ad-delegation-eases-administration.html
>> may help you get started.
>>
>> Then, if they have the admin tools on their workstation, you can set
>> up a custom MMC taskpad for them to do what they need, such as change
>> passwords, etc.
>>
>> http://www.petri.co.il/create_taskpads_for_ad_operations.htm may
>> help.
 
Back
Top