Educause Security Discussion mailing list archives
Re: Windows security question.
From: "Childs, Aaron" <aaron () WSC MA EDU>
Date: Mon, 19 Apr 2010 13:53:38 -0400
Anand, You do not need domain admin privileges to read object attributes. Have a good day, Aaron ----------- Aaron Childs Assistant Director, Networking Westfield State College http://www.wsc.ma.edu/it/ -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade Sent: Monday, April 19, 2010 12:40 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Windows security question. Windows security experts, I need some guidance regarding rights. we are developing an application that will be used to notify users of their impending password expiry (<=14 days). The application team is requesting an AD account with domain admin rights to read the password age attributes associated with the policy and calculate the user's password expiry. Is AD, there a way to assign limited rights to an generic ID w/o giving domain admin privileges for the purposes above ? Can a regular domain ID not query password attributes from command line ? Thanks, Anand Anand Malwade Seton Hall University.
Current thread:
- Windows security question. Anand S Malwade (Apr 19)
- <Possible follow-ups>
- Re: Windows security question. Childs, Aaron (Apr 19)
- Re: Windows security question. Ammar Abdulahad (Apr 19)