Hi guys,

So, I have home lab set up with Windows Server 2008R2. I've created a bunch of users. I also set a group for help desk. In that group I added one of the users as members which I will be using to delegate limited administrative abilities.

I then went into the User Accounts OU where all the users were set up. I right clicked and hit delegate control to the Help Desk group. I set the capabilities to only reset password and force change at logon. I double checked the permissions of that OU for Help Desk and it is set properly.

The issue is, when I log on to the server as that particular user, I can not reset the password for anyone of the users in that OU. I get an access denied error. I went back and traced my steps. I even made sure that help desk was not part of any group in itself where there could be conflicts. Any idea what can be causing this? Any suggestions are appreciated. Thanks in advance.

0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity



Nevermind. I was able to figure it out. Inheritance from the parent object was removed from the child. So that explicit permission was driving me mad for a couple days.

Answered 10/18/2013 by: apr11682
White Belt

Please log in to comment