Using the Delegation of Control Wizard to assign permissions in Server 2012 R2


lars-schlageter-autor
Hello, this is Lars. IT Engineer. Certified (and enthusiastic) webmaster. Also an enthusiastic Windows, Apple, and Office user. I write about all kinds of topics around IT. Living in Switzerland. You can find out more about me here: About me. Thanks for your visit!

You can use the Delegation of Control Wizard to assign special permissions.

The following permissions can be set with one click:

  • Create, delete an manage user accounts
  • Reset user passwords and force password change at next logon
  • Read all user informaiton
  • Create, delete and manage groups
  • Modify the membership of a group
  • Manage Group Policy links
  • Generate Resultant Set of Policy (Planning and Logging)
  • Create, delete and manage inetOrgPerson acocounts
  • Reset inetOrgPerson password an force password change at next logon
  • Read all inetOrgPerson information

Here is a example.

  • In Users and Computers click on a OU or group with the right mousekey.
  • Click "Delegate Control"

 

Delegation of Control Wizard

 

  • The "Delegation of Control Wizard" starts

  • Click "Next"

  • Select a User or Group

Delegation of Control Wizard

  • Click "Next"

  • Select the rights you want to delegate

Delegation of Control Wizard

  • Click "Next"

  • Click "Finish"

But where can you revoke the rights? The Delegation of Control
Wizard has no option for it.

Revoke the rights permitted with the Using the Delegation of
Control Wizard

Goto Users and Computers

  • It is important to activate

    • View

    • Advanced Features

  • Click with the right mousekey oClick n the OU

  • Click "Properties"

  • Select the "Security" TAB

  • Search for the correct User or Group

 

Delegation of Control Wizard - Revoke Rights

 

  • To revoke the "Special Permissions" click on "Advanced"

  • Remove the User or Group with the special rights

Delegation of Control Wizard - Revoke Rights

Did you like the article? Then I'm happy if you like and share it.
Thank you!

2 comments

    1. Hi keerthirethinam
      I’m not working with Windows Server anymore, but I left the site online because it still has some visitors. If I remember correctly, you are doing this as administrator for a special user (in this case mm). So no, the mm user does not log in.
      Regards

Leave a Reply

Your email address will not be published. Required fields are marked *