The manual should say admins with system privilege OR unrestricted or
restricted policy privilege can do this.

If you give your platform specialists restricted policy privilege to one (or
more) domain, they can register, unregister, lock, unlock, and change
passwords for nodes in that domain only.   They can't affect clients in the
OTHER policy domains.

I do this for several groups, for just the reasons you describe.  Greatly
helps offload work from us system admins!



-----Original Message-----
From: brian welsh [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 5:00 PM
To: [EMAIL PROTECTED]
Subject: Unlock privilege


Hello,

In our company we have several units for different platforms, f.i. AIX, NT,
Sun and so on.

The units (platform-specialists) are doing there own restores and every
platform has one or more policy domains with different management classes.
We are using password access generate. So after password expiration the
platform-admins don't know the password for the client in case of restore a
machine from scratch, and have to contact our unit (Stor. Man). Sometimes
they type in a wrong password and node is locked. We want to use an admin
that can unlock the client-node and update the password in case of restores
so the platform-admins don't have to call our unit (storage Man.) and don't
loose time in case of quick install.

The manual is saying that admins with system privilege, and unrestricted and
restricted policy privilege can lock/unlock and update passwords. The
problem is that this is too much privilege.

I was wondering how other sites are dealing with this issue.

Thanks,

Brian.




_________________________________________________________________
Chat on line met vrienden en probeer MSN Messenger uit:
http://messenger.msn.nl

Reply via email to