S
Schroeder, AJ
Hello list,
I am attempting to restrict our help desk personnel to a very limited set of
privs when it comes to managing user objects in AD. In the past, they have
used AD Users and Computers to manage user accounts. We have an in-house
application that does management of user accounts, and in the interest of
consistency and standardization we would like to have our help desk use the
in house app to manage user accounts.
However, the in-house app doesn't do everything yet, it is still in
development. What doesn't work in the in-house app. is home drive and
profile path settings so we are still allowing our help-desk to manage these
settings from Users and Computers. Things were working well, until they went
to change the Terminal Services Profile Path - they get an access denied
when trying to apply the changes.
So I did some reading and it looks as if the Terminal Services path and RAS
settings are stored in the 'userParameters' attributes. So, I allow write
access to the 'userParameters' field for the users, but they still get an
access denied when they attempt to apply changes! There has to be something
that I am missing, but I can't find any other references to Terminal
Services Profile Paths other than 'userParameters'
I am a domain admin and I can make any changes that I want (duh), so what
attribute am I missing here? Has anyone attempted this at all? Any help
would be greatly appreciated.
P.S. This will be fixed, but who knows how long the development will be on
the in-house app.
Thanks,
AJ Schroeder
I am attempting to restrict our help desk personnel to a very limited set of
privs when it comes to managing user objects in AD. In the past, they have
used AD Users and Computers to manage user accounts. We have an in-house
application that does management of user accounts, and in the interest of
consistency and standardization we would like to have our help desk use the
in house app to manage user accounts.
However, the in-house app doesn't do everything yet, it is still in
development. What doesn't work in the in-house app. is home drive and
profile path settings so we are still allowing our help-desk to manage these
settings from Users and Computers. Things were working well, until they went
to change the Terminal Services Profile Path - they get an access denied
when trying to apply the changes.
So I did some reading and it looks as if the Terminal Services path and RAS
settings are stored in the 'userParameters' attributes. So, I allow write
access to the 'userParameters' field for the users, but they still get an
access denied when they attempt to apply changes! There has to be something
that I am missing, but I can't find any other references to Terminal
Services Profile Paths other than 'userParameters'
I am a domain admin and I can make any changes that I want (duh), so what
attribute am I missing here? Has anyone attempted this at all? Any help
would be greatly appreciated.
P.S. This will be fixed, but who knows how long the development will be on
the in-house app.
Thanks,
AJ Schroeder