Delegate the permissions for this user over the scope you need. Give out just the perms you require, have a quick read on Delegated Permissions. The gui is pretty simple if you want that route. ________________________________ From: Heaton, Joseph@DFG [jhea...@dfg.ca.gov] Sent: Wednesday, February 29, 2012 11:20 AM To: NT System Admin Issues Subject: Roles in AD
I know that Exchange has RBAC roles. Does AD itself have this type of functionality? We’re trying to create least privilege type situation for our field support so that they can edit contact info, and reset passwords, and unlock accounts, but pretty much nothing else. Joseph L. Heaton Staff Information Systems Analyst Windows Server Support Information Technology Branch Department of Fish and Game 1807 13th Street, Suite 201 Sacramento, CA 95811 (916) 323-1284 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
