Same setup here!Originally Posted by bossman
Same setup here!Originally Posted by bossman
All teachers in our school have access to all pupils home directories as a simple shared drive. They currently don't have access to anything else.
My boss, the bursar, is a domain admin - and a pile of documentation on how to do things should I, for some reason, be off for a prolonged period of time.
Thats it. The only other people with admin accounts are our sims support team/county council support team.
No-one else is permitted to access the AD, and if it were requested I would throw all the toys out of my pram :P
I understand where you're coming from; perhaps your end users aren’t as forgetful as everyone I've worked with.
Allowing our IT Teaching staff (who have basic IT skills) to be able to reset students passwords using Delegation of Control and a Custom MMC, this has allowed for my life to no longer be taken up by silly password resets!
The IT teaching staff can only reset student passwords from our Top Level Pupils OU through to the entry years of the students. Using a custom MMC they can’t see the other OU’s nor have any control over them.
Our teaching staff refused to be allowed to change student passwords as it was an "admin" job. They're still happy to waste time on the phone requesting them though.
Oh, they forget! Our year 5's forget how to spell their own names - and that is obviously the server's fault.Originally Posted by plock
Would you prefer to spend time resetting passwords than completing useful tasks such as improving network performance?
There is no harm in Delegating Control of ONLY the ability to reset STUDENT passwords from my point of view.
Teachers cannot change passwords and when brought up it was decided it was not their job so would not do it. We do have a couple of teachers who can browse through to pupils areas to access work etc. This has saved time when pupils are working in groups and one of them is off.
As for access to the server, I doubt anyone would want it and I certainly wouldn't give it them. Not without a big disclaimer covering me anyway
I agree no access to the server, including Active Directory! Only a Custom MMC which allows them access to the Pupils OU with only 'password reset' rights.
In my experience the IT teaching staffs have been more than willing to complete this. Firstly they admit it speeds up their lessons and saves us time.
Thanks for the responses.
Apologies for the confusion, the teacher hasnt stated that she'd want to view students 'my docs' folders. Just their user profile ala active directory. I'd like to let her use active directory but in a very limited capacity. Without giving her admin rights and/or giving her the password to the server. So a shortcut on her desktop/start menu to a restricted active directory is what I'm after.
The teacher wants to be able to view pupil/staff's username, so that she can see if whatever theyre typing isnt using the correct upper or lower case characters. She wants to be able to view the usernames in a list so that at a glance she can see. what the situation is.
To top it off she'd like to be able to reset the passwords.
Ive tried the custom mmc suggestion. So she'd be able to view/reset users/passwords. However as the active directory is on the server, I am unable to create a working shortcut to the mmc I created.
If they want to check usernames, you can just export them into an excel spreadsheet. As for password changes, I dont allow it so dont know, but following the instructions from all those have said should help.
You can save the MMC and send it her.
Login usernames are not case sensitive. Even so, I suspect the spreadsheet approach will work for this.The teacher wants to be able to view pupil/staff's username, so that she can see if whatever theyre typing isnt using the correct upper or lower case characters. She wants to be able to view the usernames in a list so that at a glance she can see. what the situation is.
I think Delegation with a cut down MMC is the way to go with this.To top it off she'd like to be able to reset the passwords.
@Olumite: I would be asking the teacher what qualifies her to ask for this and what information does she expect to glean from access to the AD.
Is it for some sort of research that she is doing if so setup a server on VM with all the access rights that she needs and let her play nice.
I think what she is asking is really outside her remit as a teacher but then that is my own views on this.
Sorry Geoff: didn't read your post fully.
I totally agree with your solution.
You will need the adminpak installed on the client that you want to run your MMC from. Then simply delegate control and away you go.
There are currently 1 users browsing this thread. (0 members and 1 guests)