AD User Accounts Not Inheriting Permissions
At one site we have had a recurring issue where (in Active Directory) user accounts don't keep the "Inherit permissions" setting (on the users themselves). We resolved the issue once before by creating new OUs, and new user groups and moving all of the accounts, however the issue has returned with the new settings. While this doesn't have too much impact on the system, the main issue is that is means we can't allocate Staff permission to reset student passwords.
One of my co-workers tried running a script to re-enable the setting, however it only stayed set for 10 mins or so (i'm not sure how he did it in the script, he's the scripting guy, i'm the networking guy :P)
Manually enabling "inherit permissions" doesn't stay set.
Wondering if anyone has seen this before, and how they resolved it. Alternatively, as a work around if we could script it so that we add the rights for the staff usergroup to reset passwords on their accounts individually that could be useful, too.
We are running Windows Server 2003 R2, with the forest and domain schemas to match