+ Post New Thread
Results 1 to 6 of 6
Windows Server 2008 R2 Thread, Allowing student password changes for non-admin teacher in Technical; Hi, I have a small network running 2008 r2 with windows 7 clients. I have been asked to give one ...
  1. #1

    Join Date
    Apr 2011
    Posts
    52
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Allowing student password changes for non-admin teacher

    Hi,

    I have a small network running 2008 r2 with windows 7 clients. I have been asked to give one of the teachers the ability to change passwords for students and I'm wondering what is the best way to go about this.

    I have already delegated control of the ou to his account, it is now just a matter of how he gains access to active directory users and computers to change the passwords.

    Is it best to install rsat on his workstation and just create a shortcut or is it best to create a custom mmc?

    As I don't normally deal with windows 7 and 2008 r2 I find UAC annoying because I keep forgetting about it. This user does not have any admin rights, is this going to cause me a problem? I can't find a definite answer on whether or not he has to be a local admin to run either mmc or any of the rsat tools.

    I am going to visit the site for a couple of hours and I would like to have a clear idea of what needs to be done, I got caught out by UAC a few weeks ago and no matter how much I tried I couldn't get a simple standalone flash application to run on anything but an admin account.

    Any help would be much appreciated.

    Thanks in advance

  2. #2
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    East Yorkshire
    Posts
    2,171
    Thank Post
    440
    Thanked 238 Times in 217 Posts
    Blog Entries
    2
    Rep Power
    68
    go to WiseSoft.co.uk Software and download and use Password Control.

    Easy enough to use, we rolled it out to all the tutors on the college network - all they need to do is type in a persons name and it will show the username for that user then just change the password.

    Simple.

  3. #3

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,104
    Thank Post
    512
    Thanked 2,312 Times in 1,788 Posts
    Blog Entries
    24
    Rep Power
    803
    I created a little application just for this sort of thing - take a look, it might be just what you want.

    Simple password reset app for staff

  4. #4

    Join Date
    Apr 2011
    Posts
    52
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I just installed this wisesoft application on my test network and it seems to be exactly what I am looking for. Are there any issues running this with a non-admin account on a windows 7 workstation?

    I see that this allows the user to enable and disable accounts, is the ability to do this covered by delegating the basic password reset using the delegation of control wizard or do I need to customise permissions to allow the teacher to do this too?

    Thanks for your help.

  5. #5

    Join Date
    Nov 2010
    Location
    Sydney, Australia
    Posts
    24
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    7
    When you delegated access to the OU you choose which rights to grant. If you use the Delegate Control wizard it has a checkbox for what to grant, if you only gave "Reset user password and force password change at next logon" that is all they can do.

    I would also recommend only assigning this to groups rather than users (add user to group) otherwise if that user ever leaves you end up with unresolvable SIDs through your AD.

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,104
    Thank Post
    512
    Thanked 2,312 Times in 1,788 Posts
    Blog Entries
    24
    Rep Power
    803
    Quote Originally Posted by ruddj View Post
    When you delegated access to the OU you choose which rights to grant. If you use the Delegate Control wizard it has a checkbox for what to grant, if you only gave "Reset user password and force password change at next logon" that is all they can do.

    I would also recommend only assigning this to groups rather than users (add user to group) otherwise if that user ever leaves you end up with unresolvable SIDs through your AD.
    Indeed. In the readme for my app, I detailed the permissions you'd need to delegate for password reset/change, unlocking an account and setting the account to force password change on next login. I believe the setting used to force password change also stores whether the account is enabled/disabled, so this would be the one you want to delegate for that capability.

    As ruddj says, do this via a group, rather than to a user. That way you can drop people in there easily without having to repeat the action for others.

SHARE:
+ Post New Thread

Similar Threads

  1. [MS Office - 2003] Office 2003 + Win7 = problem for non-admin??
    By gerardsweeney in forum Office Software
    Replies: 1
    Last Post: 9th May 2011, 12:23 PM
  2. Replies: 16
    Last Post: 3rd December 2007, 08:08 PM
  3. USB devices for non-admins
    By eejit in forum Windows
    Replies: 46
    Last Post: 15th November 2007, 03:50 PM
  4. Helpdesk for non-technical departments
    By ITWombat in forum MIS Systems
    Replies: 4
    Last Post: 21st October 2006, 10:47 PM
  5. Windows Update for Non-IE browsers.
    By Geoff in forum Links
    Replies: 2
    Last Post: 22nd November 2005, 02:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •