RE: restricted management for some users.

["Chris Goodwin" <chris.goodwin () epicenterprises com>]

Michael,

1- If you have access to Windows & .NET Magazine, an admin in your situation
submitted a nice password reset script in the March '04 issue:
http:/www.winnemag.com  / InstantDoc No. 41551

2- Makes sense to me, maybe someone has a better idea.

Chris Goodwin
Marketing / Networking
Epic Enterprises, Inc.
+1-910-692-5750


-----Original Message-----
From: Bruyere, Michel [mailto:mbruyere () ezemcanada com]
Sent: Thursday, May 20, 2004 9:51 AM
To: security-basics () securityfocus com
Subject: restricted management for some users.


Hi, 
        I've been asked to do 2 things and I wanted to know what you
guys think would be the best way. I already have a way to achieve my
goal but I'm looking for a better way to do that (if any exist)

Here it goes

1- I need to setup a user (the technician) to access the properties of
accounts in AD (to reset passwords and/or unlock them). He has to log on
locally/interactively on one of the DC (the one with all the FMSO
roles).
BTW I had something strange when I've set the local policies on the DC
to allow the user to logon locally. I had set al admins groups/accounts
and this particular account. Few times after I did this, users began to
call me telling that they had a message that they couldn't logon
interactively. Is there a way to setup "local" policies on the DC to
allow a user account to logon locally? 


2- I have to give full control over 5 servers to 2 guys, the ERP dev
team. They should have the right to install/uninstall anything on the
servers. I though to give them an account which is local administrator
on those servers.



Thanks



M.Bruyere
Network/systems administrator
CompTIA A+, Network+
The quickest way to find something
is to start looking for something else.
:-)




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------