
User Delegation question

flames1000 Member Posts: 49
Hi,

I'm delegating some user account stuff to our Jr Helpdesk guy. He basically will be able to create computer and user accounts and add or remove users from groups. The problem that I'm running into is he can manage group accounts, but we do not want him to be able to add himself to select groups, but be able to add users to the rest of them (security groups).

I added myself to the PC support security group, to which I will delegate permissions, and selected security and deny add/remove self as member and selected deny. I'm wondering if it's better to put the security groups into another OU from where we keep everything and deny permissions to it.

Is there an easier way to do this?

Thanks!

Flames

Comments

  • tibul Member Posts: 240
    You could apply a restricted groups policy in a GPO that's linked to, say, an OU or all of the domain; this way you can specify that he is to be restricted from being a member of specific groups.
    Studying 70-292.
    Aiming for MCSA: Security and 2003 upgrade.
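
The per-group deny discussed in the question can be scripted. This is an added example, not code from the thread: it sets an explicit Deny on the `member` attribute of selected groups for the delegated group, which blocks every membership change by that group on those groups (broader than self-add only) and overrides the allow inherited from the OU delegation. `PC Support` is taken from the question; the protected group names are hypothetical.

```powershell
# Added example. Protected group names are hypothetical placeholders.
Import-Module ActiveDirectory

$delegate        = 'PC Support'                       # delegated helpdesk group (from the question)
$protectedGroups = 'Finance-Admins', 'HR-Restricted'  # hypothetical: groups helpdesk must not change

# This GUID identifies both the 'member' attribute (schemaIDGUID) and the
# Self-Membership validated write shown in the GUI as "Add/remove self as member".
$memberGuid = [Guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'

$sid    = (Get-ADGroup -Identity $delegate).SID
$rights = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Self'
$type   = [System.Security.AccessControl.AccessControlType]::Deny

# Explicit Deny ACE: evaluated before any inherited Allow from the OU delegation.
$deny = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule `
                   -ArgumentList $sid, $rights, $type, $memberGuid

foreach ($name in $protectedGroups) {
    $dn   = (Get-ADGroup -Identity $name).DistinguishedName
    $path = "AD:\$dn"

    $acl = Get-Acl -Path $path
    $acl.AddAccessRule($deny)
    Set-Acl -Path $path -AclObject $acl

    # Read the ACL back and show the deny entries on 'member' so the change can be verified.
    (Get-Acl -Path $path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and $_.ObjectType -eq $memberGuid } |
        Select-Object @{ n = 'Group'; e = { $name } }, IdentityReference, ActiveDirectoryRights, IsInherited
}

# Note: groups covered by AdminSDHolder (for example Domain Admins) have their ACL
# reset periodically, so an ACE set directly on them will not persist.
```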