Delegation wizard

K

KaiserVunderBar

Hello
Can somebody correct me if I am wrong but, when you delegate control to a
user for an OU that user cannot modify any of their properties? I have
delegated control and the user cannot modify their own logon script yet the
user can modify anybody elses in the same OU. Any ideas??
 
H

Herb Martin

No reason not to be able to modify their own properties.

Do notice that a user doesn't have to be IN the OU to be
delegated control of it.
 
K

KaiserVunderBar

The user in question is in the OU, believe me I'm perplexed. Even if I give
FC on security for the OU and FC for the GPO still cannot modify profile tab
properties
 
H

Herb Martin

The GPO permissions are unrelated (although you might want that for other
reasons)
to the actual permissions on the user objects.

Are you "propagating" those permissions when you change the OU?

Just like in the file system, changes to a "parent container" (directory
or OU) have NO EFFECT one a child object (e.g., file or user)
unless you choose to propagate.

Since propagate is the default with some tools, many people are
unaware of this simple permission rule.

Permissions on the PARENT OBJECT are UNRELATED to
permissions on the CHILD object -- except through historical
accident.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegating Administration 1
Access denied when attempting to create a new GPO 1
Delegation of control 1
Delegation to create mail-enabled users 2
delegation of Control 1
AD permissions 5
Delegate Control of OU Help Needed 1
Delegated Authority 2

Top