Home
Certification Preparation
Microsoft
MCSA / MCSE on Windows 2003 General
User Delegation question
flames1000
Hi,
Im delegating some user account stuff to our Jr Helpdesk guy. He basically will be able to create computer and user accounts and add or remove users from groups. The problem that im running into is he can manage group accounts, but we do not want him to be able to add himself to select groups, but be able to add users to the rest of them (security groups)
I added myself to the PC support security group to which i will delegate permissions to and select security and deny add/remove self as member and selected deny. Im wondering if its better to put the security groups into another OU from where we keep everything and deny permissions to it.
Is there an easier way to do this?
thanks!
Flames
Find more posts tagged with
Comments
tibul
You could apply a restricted groups policy in a GPO thats linked to say an OU or all of the domain, this way you can specifiy that he is to be restricted from being a member of specific groups.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
