|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
01-13-2009
| #1 (permalink) |
| | Resetting user passwords Greetings! Here's the objective: I would like to pass off resetting user passwords on user accounts to the administrators of each site. The administrators do not have domain admin access. All they should be able to do is reset passwords, enable accounts, and disable accounts. Each site is in it's own OU along with the sites users. Administrator from site A should not be able to see and access other users from site B, C, D and so on. Can this be scripted? TIA Chris |
My System Specs |
|
01-13-2009
| #2 (permalink) |
| | Re: Resetting user passwords To prevent each Local Admin for changing other OU's user accounts, you need to set up rights delegation at the OU level. I have done this and it works very well. For example: dsacls ou=%OUPath% /I:S /G "%LocalAdminGroup%:CA;Reset Password;user" Will grant the right to change passwords. -- Tim. "chris" <racerx@xxxxxx> wrote in message news:u8IplkWdJHA.3708@xxxxxx Quote: > Greetings! > > Here's the objective: > > I would like to pass off resetting user passwords on user accounts to the > administrators of each site. > > The administrators do not have domain admin access. All they should be > able to do is reset passwords, enable accounts, and disable accounts. > > Each site is in it's own OU along with the sites users. > > Administrator from site A should not be able to see and access other > users from site B, C, D and so on. > > Can this be scripted? > > TIA > > Chris |
| My System Specs |
|
01-13-2009
| #3 (permalink) |
| | Re: Resetting user passwords On Tue, 13 Jan 2009 08:45:12 -0500, Tim Munro wrote: Quote: > To prevent each Local Admin for changing other OU's user accounts, you > need to set up rights delegation at the OU level. I have done this and > it works very well. > For example: > > dsacls ou=%OUPath% /I:S /G "%LocalAdminGroup%:CA;Reset Password;user" > > Will grant the right to change passwords. > > -- > Tim. > > > "chris" <racerx@xxxxxx> wrote in message > news:u8IplkWdJHA.3708@xxxxxx Quote: >> Greetings! >> >> Here's the objective: >> >> I would like to pass off resetting user passwords on user accounts to >> the administrators of each site. >> >> The administrators do not have domain admin access. All they should be >> able to do is reset passwords, enable accounts, and disable accounts. >> >> Each site is in it's own OU along with the sites users. >> >> Administrator from site A should not be able to see and access other >> users from site B, C, D and so on. >> >> Can this be scripted? >> >> TIA >> >> Chris local or domain admin privs. They are just users. I do know I can give them access via the OU as you mentioned however, I'm looking for something easy for an end user to use to reset passwords for the users in the same OU as the site admin. Perhaps I mislead you with site admin. Site meaning the physical location. admin as in some use that has the ability to reset password without any elevated access. |
| My System Specs |
|
01-14-2009
| #4 (permalink) |
| | Re: Resetting user passwords OK, perhaps I used "Local Admin" a little too losely. The concept remains valid however. Rights delegation and group membership is the way to go, and probably the easiest to manage down the road. No "elevated" rights required. -- Tim "chris" <racerx@xxxxxx> wrote in message news:%23%23TJJ5ddJHA.556@xxxxxx Quote: > On Tue, 13 Jan 2009 08:45:12 -0500, Tim Munro wrote: > Quote: >> To prevent each Local Admin for changing other OU's user accounts, you >> need to set up rights delegation at the OU level. I have done this and >> it works very well. >> For example: >> >> dsacls ou=%OUPath% /I:S /G "%LocalAdminGroup%:CA;Reset Password;user" >> >> Will grant the right to change passwords. >> >> -- >> Tim. >> >> >> "chris" <racerx@xxxxxx> wrote in message >> news:u8IplkWdJHA.3708@xxxxxx Quote: >>> Greetings! >>> >>> Here's the objective: >>> >>> I would like to pass off resetting user passwords on user accounts to >>> the administrators of each site. >>> >>> The administrators do not have domain admin access. All they should be >>> able to do is reset passwords, enable accounts, and disable accounts. >>> >>> Each site is in it's own OU along with the sites users. >>> >>> Administrator from site A should not be able to see and access other >>> users from site B, C, D and so on. >>> >>> Can this be scripted? >>> >>> TIA >>> >>> Chris > No no - you didn't read what I said. Each site admin does NOT have either > local or domain admin privs. They are just users. > > I do know I can give them access via the OU as you mentioned however, I'm > looking for something easy for an end user to use to reset passwords for > the users in the same OU as the site admin. > > Perhaps I mislead you with site admin. Site meaning the physical > location. admin as in some use that has the ability to reset password > without any elevated access. |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Stored User Names and Passwords | Tutorials | |||
| Where does Vista Store the User passwords | General Discussion | |||
| Remember user id and passwords | Vista General | |||
| User passwords | Vista General | |||
| Resetting passwords for Vista Home Premium | Vista account administration | |||
