Using the Delegation of Control Wizard to assign permissions in Server 2012 R2

You can use the Delegation of Control Wizard to assign special permissions.

The following permissions can be set with one click:

  • Create, delete an manage user accounts
  • Reset user passwords and force password change at next logon
  • Read all user informaiton
  • Create, delete and manage groups
  • Modify the membership of a group
  • Manage Group Policy links
  • Generate Resultant Set of Policy (Planning and Logging)
  • Create, delete and manage inetOrgPerson acocounts
  • Reset inetOrgPerson password an force password change at next logon
  • Read all inetOrgPerson information

Here is a example.

  • In Users and Computers click on a OU or group with the right mousekey.
  • Click "Delegate Control"

 

Delegation of Control Wizard

 

  • The "Delegation of Control Wizard" starts

  • Click "Next"

  • Select a User or Group

Delegation of Control Wizard

  • Click "Next"

  • Select the rights you want to delegate

Delegation of Control Wizard

  • Click "Next"

  • Click "Finish"

But where can you revoke the rights? The Delegation of Control Wizard has no option for it.

Revoke the rights permitted with the Using the Delegation of Control Wizard

Goto Users and Computers

  • It is important to activate

    • View

    • Advanced Features

  • Click with the right mousekey oClick n the OU

  • Click "Properties"

  • Select the "Security" TAB

  • Search for the correct User or Group

 

Delegation of Control Wizard - Revoke Rights

 

  • To revoke the "Special Permissions" click on "Advanced"

  • Remove the User or Group with the special rights

Delegation of Control Wizard - Revoke Rights


Flag Counter