How to revoque a delegeted right

  • Thread starter Thread starter Muriel
  • Start date Start date
M

Muriel

Let's imagine as an administrator, you have deleguated
the rights of "reset passwords" to a group for a
organisational unit. Late, you decide that the user in
the domain local group is abusing that right and wish to
revoque it.
I tried to use the mmc but I can't find the right snap-in
on reset passwords.
How do you do it?
How can you check and change the rights delegated to a
user (group) by an administrator?

I'd appreciate all suggestions

Thank you
 
You will have to go to the security properties for that OU in AD Users and Computers
and look for the user/group that was delegated that right and remove them. If you are
in doubt, create a new OU, that you can later remove, and compare the permissions and
it should become apparent what permissions need to be removed. You may also have to
look in the advanced page of security properties. Dscacls /s can also be used to
reset permissions to an AD object to default levels. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;281146
 
I'll have to test that tomorrow.

Thank you very much Steve

Muriel
-----Original Message-----
You will have to go to the security properties for that OU in AD Users and Computers
and look for the user/group that was delegated that
Click to expand...
right and remove them. If you are
in doubt, create a new OU, that you can later remove,
Click to expand...
and compare the permissions and
 
Back
Top