?
=?ISO-8859-1?Q?Fran=E7ois_Beretti?=
Hello
I use windows 2003 server
I want to let a group of my domain reset the passwords of the print
operators group members. I can't.
As I saw, the control delegation can only be applied to a container. But
members of protected groups don't inherit the access control rule
applied on their container that allows users to reset their password.
I tried to set the "reset password" right applied on User objects from
the security properties of the AdminSDHolder object (using ADSI Edit),
but, even if I see the right on the members entries (one hour later),
that does not work, since it is an inherited right (inherited by the
User objects) and the protected groups members forbid the inheritance.
If I set the right directly on the user entry, that works, but I believe
that it is removed every hour by the AdminSDHolder security descriptor.
Any idea ?
François Beretti
I use windows 2003 server
I want to let a group of my domain reset the passwords of the print
operators group members. I can't.
As I saw, the control delegation can only be applied to a container. But
members of protected groups don't inherit the access control rule
applied on their container that allows users to reset their password.
I tried to set the "reset password" right applied on User objects from
the security properties of the AdminSDHolder object (using ADSI Edit),
but, even if I see the right on the members entries (one hour later),
that does not work, since it is an inherited right (inherited by the
User objects) and the protected groups members forbid the inheritance.
If I set the right directly on the user entry, that works, but I believe
that it is removed every hour by the AdminSDHolder security descriptor.
Any idea ?
François Beretti