+ Post New Thread
Results 1 to 8 of 8
Network and Classroom Management Thread, Deligation of account control in Technical; Hi all, does anyone know of any means of giving certain members of staff the ability to lock, unlock and ...
  1. #1

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    10

    Deligation of account control

    Hi all,

    does anyone know of any means of giving certain members of staff the ability to lock, unlock and change password on user accounts?

    i know that you can deligate under AD but i dont want to give staff access to MMC

    A web based solution would be preferable

    Cheers

  2. #2
    linkazoid's Avatar
    Join Date
    May 2007
    Location
    London
    Posts
    633
    Thank Post
    111
    Thanked 88 Times in 72 Posts
    Rep Power
    78
    Delegate control in MMC then install Password Reset from Wisesoft.co.uk on the teachers PC.

    Works Great Here.

    Michael

  3. Thanks to linkazoid from:

    simpsonj (18th January 2010)

  4. #3

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Excellent, thanks... i'll give it a go

  5. #4

    Join Date
    May 2008
    Posts
    60
    Thank Post
    1
    Thanked 7 Times in 7 Posts
    Rep Power
    22
    The problem I see with this route is that this solution actually gives the selected staff complete control over all accounts, including admin accounts and other staff members. Not sure if this is a good thing.

  6. #5
    linkazoid's Avatar
    Join Date
    May 2007
    Location
    London
    Posts
    633
    Thank Post
    111
    Thanked 88 Times in 72 Posts
    Rep Power
    78
    You can delegate to groups or OU's IIRC. Staff here can only change student passwords.

    Only we can change staff passwords.

    Michael

  7. #6

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Quote Originally Posted by zippo View Post
    The problem I see with this route is that this solution actually gives the selected staff complete control over all accounts, including admin accounts and other staff members. Not sure if this is a good thing.

    I dont think it will as they log in with their own network credentials,

    so long as the delegation security on the OU is set correctly they shouldn't be able to make any changes to users accounts...
    They might well be able to see all accounts but not necessarily do anything with them.

    dont worry it will be rigerously tested first

  8. #7
    waldronm2000's Avatar
    Join Date
    Dec 2009
    Location
    Southend
    Posts
    129
    Thank Post
    49
    Thanked 12 Times in 11 Posts
    Rep Power
    11
    You could create a taskpad view in MMC with just the tasks you've delegated, lock it down, and just give them access to that.

  9. Thanks to waldronm2000 from:

    timethrow (21st January 2010)

  10. #8

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    OK - i've tested out the various options but am still at a loss.

    Wisesoft password control works brilliantly for sorting out individual accounts but the bulk control is seemingly quite unsecure when in the hands of staff as it appears to allow them to enable and disable any account they wish, i dont beleive they could change password without permission but this ability alone could cause all sorts of issues.

    Taskpad view also appear to work well but would require another OU to be created and giving the users higher level local access before it'll allow them into MMC author mode.

    The reason (before being asked) for needing bulk control is the introduction of various IT based exams in ICT, Business studies, etc. we've a set of exam accounts that need to be locked and unlocked during exam times, it would make it far easier for the staff running the exams to be able to do this temselves.

  11. Thanks to timlineuk from:

    timethrow (21st January 2010)

SHARE:
+ Post New Thread

Similar Threads

  1. Zimbra AD Account Email Account Link
    By kmount in forum *nix
    Replies: 10
    Last Post: 4th June 2011, 03:14 PM
  2. Account Locking Out
    By Techdw in forum Windows
    Replies: 4
    Last Post: 30th March 2009, 10:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •