OU Permissions

  • Thread starter Thread starter Jeff
  • Start date Start date
J

Jeff

We have a group that will be using a tool to unlock user
accounts if needed. All the user accounts are located in
various containers under a particular OU. I added the
Group to access the OU but I am not sure what to check off
so that they can basically only unlock a user account.
Thanks.
 
I actually found this after I posted but it didnt seem to
work. Do I have to refresh the policy even though the
policy is setup on the DC and the access is for the DC?
 
Yep, you'll either need to refresh the policy on the DC, or wait - enough
time has now probably elapsed so this will be OK.

Bear in mind, that DCs apply policy every 5 mins, and send replication
notifications every 5 mins, so this shouldn't be a long wait (intrasite
anyway).

However, if you created a new group, applied the permissions to that group,
and added the users to that group then each user will need to logoff/logon
to get their new and updated access token.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
I actually found this after I posted but it didnt seem to
work. Do I have to refresh the policy even though the
policy is setup on the DC and the access is for the DC?
 
Ok.. This still isnt working. Its telling me access
denied. Basically, its a VB app that allows you to enter
a username and passes this to a .bat file. The .bat file
executes a userinfo command that unlocks the account. I
have Domain Admin rights and tested the tool with no
problems at all so I know the tool itself works. When I
log on as the test user the tool launches and attempts to
execute the .bat file command which it does (I have echo
on and a pause to see what is happening). The next thing
it says is access denied. What else could it be?
 
Back
Top