Delegate control problems

  • Thread starter Thread starter Kendall
  • Start date Start date
K

Kendall

What I basically want is for our admin/front desk/reception staff to be
able to update peoples contact details (such as phone, address etc) in
AD.
I thought I had configured "Delegate Control" for the OU correctly
(i.e. i thought I had set the permissions for certain properties
correctly - such as Read Fax Number, Write Fax Number)

When the user opens mmc on her pc, she can read the details of a Users
properties. The problem is though, is that she is able to edit the tabs
such as "Terminal Services Profile", "Remote Control", "Environment",
"Sessions" etc.
These are certainly tabs I DON'T want our user to edit (for obvious
reasons).

Here is a sample of the summary given after I have gone through the
"Delegate Control"
wizard (i have shortened it so that the page is not too long):

*******************************************************************************************
You chose to delegate control of objects in the following Active
Directory folder:
mydomain.com/Central/Users

The groups, users, or computers to which you
have given control are:

Marilena Piaia (mydomain.com\mpiaia)

They have the following permissions:

Read and write General Information
Read and write Phone and Mail Options
Read accountExpires
Write accountExpires
Read Assistant
Write Assistant
Read Comment
Write Comment
Read Company
Write Company
Read Department
Write Department
Read Description
Write Description
Read Fax Number
Write Fax Number
Read Fax Number (Others)
Write Fax Number (Others)
Read First Name
Read Home Phone
Write Home Phone
 
Sorry, I forgot to mention, that she CANNOT edit the fields/attributes
I want her to be able to edit (such as Read Fax Number, Write Fax
Number). It's as though the whole thing is working in reverse to what
it should.
Any ideas?
 
Back
Top