delegation

[Blake]

I am attempting to delegate control of the 'Allow Access/Deny Access'
buttons on the Dial-in tab in ADUC to our helpdesk. I have read a couple of
snippets:

http://www.mcse.ms/archive44-2006-2-1959451.html

http://msmvps.com/blogs/ulfbsimonweidner/archive/2004/09/02/12773.aspx


Which lead me to believe it doesn't work as expected. I want our HelpDesk,
using ADUC, to be able to change the radio buttons.

Anyone?

Blake

 

[Paul Williams [MVP]]

From the look of things (take Ulf's blog seriously, he's a seriously clever
guy) your only real option is a proxy-based solution, i.e. not using ADUC.
You have two choices:

-- Write your own web-based front end that does the access control and runs
as a service account, e.g. using AzMan; or
-- Buy a 3rd party solution, e.g. Quest ActiveRoles.

 

[Jack Doyle]

Another third-party option would be Active Administrator from
ScriptLogic (http://www.scriptlogic.com/products/activeadmin/). Active
Administrator uses a feature called Active Templates to assign
delegated permissions to users or groups of users in Active Directory.

With the use of Active Templates, it also makes it easy to manage
delegated permissions as well as report on permissions you have
delegated.

One more thing I don't want to leave out... if you use Active Templates
to delegate your permissions, they will also sefl-heal should those
permissions get changed in any way (even with native tools, ADUC, for
instance).

Jack Doyle, Systems Engineer
ScriptLogic Corporation
www.scriptlogic.com