+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
Windows Server 2008 R2 Thread, Staff resetting passwords in Technical; I am looking at a way to give staff access to reset pupil passwords but not to give them any ...
  1. #1

    Join Date
    Jan 2012
    Location
    Derby
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Staff resetting passwords

    I am looking at a way to give staff access to reset pupil passwords but not to give them any admin access. We use a 2008 r2 windows domain. Can anyone recomend a good way of implementing that?

  2. #2
    TheLibrarian
    Guest
    Create a custom MMC and use the delegate control wizard on the appropriate OU containing the pupil accounts.

  3. #3

    Join Date
    Jan 2012
    Location
    Derby
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    How would the staff then see how to reset the passwords? Remote Server Administration Tools?

  4. #4
    TheLibrarian
    Guest
    That would be the custom MMC part.

    You can focus the MMC on a particular part of AD, and as long as you have delegated control they can use that to reset passwords.

  5. #5
    TheLibrarian
    Guest
    Code:
     @echo offsetlocal
    
    
    :start
    cls
    echo,
    echo,
    set /p _username_=Please enter the username :
    
    
    if "%_username_%" == "q" goto end
    
    
    for /f "tokens=1* delims=*" %%i in ('dsquery user -limit 1 -samid "%_username_%"') do (
    echo %%i
    set _upn_=%%i
    if NOT "%%i" == "" goto chpwd
    )
    
    
    goto start
    
    
    
    
    :chpwd
    dsmod user %_upn_% -pwdneverexpires no
    dsmod user %_upn_% -pwd 123456 -mustchpwd yes
    
    
    :end
    I'm lazy and use this script to reset passwords.

  6. #6

    Join Date
    Jan 2012
    Location
    Derby
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    So when delegating control, can you minimise what the user sees in AD? I dont really want them to see everything

  7. #7
    icttech's Avatar
    Join Date
    Oct 2007
    Posts
    43
    Thank Post
    0
    Thanked 4 Times in 3 Posts
    Rep Power
    15
    We use Password Control, its a free application, easy to install.

    we had if installed on our server (2008r2) and have a link to it on our staff profiles.

    Works a treat. PM me if you want some more info.

  8. #8
    TheLibrarian
    Guest
    They would see everything that they have permission to, but they would not be able to change anything.

    I don't think it really matters what the teachers see, only what they can change. (Just my £0.02)

  9. #9
    TheLibrarian
    Guest
    Quote Originally Posted by icttech View Post
    We use Password Control, its a free application, easy to install.
    Post a link?

  10. #10

    Join Date
    Jan 2012
    Location
    Derby
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by TheLibrarian View Post
    They would see everything that they have permission to, but they would not be able to change anything.

    I don't think it really matters what the teachers see, only what they can change. (Just my £0.02)
    You've been very helpful, thankyou

  11. #11

    Join Date
    Jan 2012
    Location
    Derby
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    A link would be very helpful on here please

  12. #12

    Join Date
    Mar 2007
    Location
    Devon
    Posts
    1,048
    Thank Post
    226
    Thanked 63 Times in 56 Posts
    Rep Power
    30
    A quick google took me to this... going to try it out later.

    Password Control

  13. #13
    TheLibrarian
    Guest
    Quote Originally Posted by MarkBerridge View Post
    You've been very helpful, thankyou
    You are welcome.

  14. #14

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,375
    Thank Post
    958
    Thanked 1,630 Times in 1,103 Posts
    Blog Entries
    47
    Rep Power
    711
    Custom MMC - in a normal AD MMC, right click on the OU you want them to see and choose New Window. Save that as a new MMC and put it somewhere they can all get to. Delegate the relevant permissions to staff on that OU. Easy peasy!

  15. #15

    Join Date
    Jan 2012
    Location
    Derby
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by sonofsanta View Post
    Custom MMC - in a normal AD MMC, right click on the OU you want them to see and choose New Window. Save that as a new MMC and put it somewhere they can all get to. Delegate the relevant permissions to staff on that OU. Easy peasy!
    Brilliant thanks



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. apc powerchute buisness ed reset password
    By russdev in forum Windows
    Replies: 8
    Last Post: 16th December 2014, 06:59 PM
  2. Reset Password Ubuntu Server
    By richard_s in forum *nix
    Replies: 5
    Last Post: 9th December 2009, 11:27 AM
  3. Replies: 7
    Last Post: 13th July 2009, 05:35 PM
  4. Replies: 1
    Last Post: 10th July 2009, 10:34 AM
  5. Replies: 12
    Last Post: 12th September 2005, 11:47 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •