You can use the Delegation of Control Wizard to assign special permissions.
The following permissions can be set with one click:
- Create, delete an manage user accounts
- Reset user passwords and force password change at next logon
- Read all user informaiton
- Create, delete and manage groups
- Modify the membership of a group
- Manage Group Policy links
- Generate Resultant Set of Policy (Planning and Logging)
- Create, delete and manage inetOrgPerson acocounts
- Reset inetOrgPerson password an force password change at next logon
- Read all inetOrgPerson information
Here is a example.
- In Users and Computers click on a OU or group with the right mousekey.
- Click "Delegate Control"
The "Delegation of Control Wizard" starts
Select a User or Group
Select the rights you want to delegate
But where can you revoke the rights? The Delegation of Control
Wizard has no option for it.
Revoke the rights permitted with the Using the Delegation of
Goto Users and Computers
It is important to activate
Click with the right mousekey oClick n the OU
Select the "Security" TAB
Search for the correct User or Group
To revoke the "Special Permissions" click on "Advanced"
Remove the User or Group with the special rights