Using the Delegation of Control Wizard
Using the Delegation of Control Wizard to assign permissions in Server 2012 R2
You can use the Delegation of Control Wizard to assign special permissions.
The following permissions can be set with one click:
- Create, delete an manage user accounts
- Reset user passwords and force password change at next logon
- Read all user informaiton
- Create, delete and manage groups
- Modify the membership of a group
- Manage Group Policy links
- Generate Resultant Set of Policy (Planning and Logging)
- Create, delete and manage inetOrgPerson acocounts
- Reset inetOrgPerson password an force password change at next logon
- Read all inetOrgPerson information
Here is a example.
- In Users and Computers click on a OU or group with the right mousekey.
- Click "Delegate Control"
The "Delegation of Control Wizard" starts
Select a User or Group
Select the rights you want to delegate
But where can you revoke the rights? The Delegation of Control Wizard has no option for it.
Revoke the rights permitted with the Using the Delegation of Control Wizard
Goto Users and Computers
It is important to activate
Click with the right mousekey oClick n the OU
Select the "Security" TAB
Search for the correct User or Group
To revoke the "Special Permissions" click on "Advanced"
Remove the User or Group with the special rights
Write a comment...
- Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD 2014.03.07 Clear arrangement and the ADAC are two different kind of things. Where the hell is the Password Setting Container?
- DNS - Stale records and scavenge? 2014.03.06 DNS - Stale records and scavenge - where are the settings
- Printer objects in Active Directory Users and Computers 2014.03.02 Really? You can see printer objects in Active Directory Users and Computers
- Getting Started
- Extend the Windows Server 2012 evaluation period
- Windows 2012 R2 Core Server installation
- What's new in Windows Server 2012 R2?
- What's new in Windows Server 2012 R2 Hyper-V?
- The Start Menu in Windows Server 2012 R2
- Some thoughts to Remote Desktop Services (RDS)
- ACT, Windows Server Migration Tools, MDT and MAP?
- P2V/V2V checklist
- PPTP / L2TP / OpenVPN / SSTP
- DNS Cache Locking
- DNS Zone Delegation
- Enabling Block Inheritance and Enforced option for GPOs
- Windows Deployment Services (WDS)
- Notes to System Center Configuration Manager
- Domain Controller Cloning in Windows Server 2012
- Branch Office Direct Printing
- What is iSCSICLI
- More Powershell Commands
- What dism also can be used for
- DHCP Filter in Windows Server 2012 R2
- Automatically add a user to a local group with GPO
- AppLocker in Windows Server 2012
- Where is Active Directory Users and Computers?
- AD Groups
- NIC Teaming in Windows Server 2012
- SYSPREP for Windows Server 2012
- Windows Server 2012 R2 core basic configuration
- Remote Management of servers
- Using the Delegation of Control Wizard
- File and Storage Part 1
- Group Policy - What are Restricted Groups for?
- Rename the local administrator accounts
- What are local groups for?
- Central store for Group Policy Administrative Templates
- What is DHCP Guard?
- MDT 2012
- Facts about AD-Objects
- Grouping servers in Server Manager
- What does the On-link in route print mean
- Group Policy Preferences
- Upgrading from Server Core 2008
- Printer objects in Active Directory Users and Computers
- DNS - Stale records and scavenge?
- Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD
- Me / Legal