IT Employment

General discussion


Restrict User Account Enabling

By TLN ·
Within Active Directory security, is there a way to restrict a help desk group's ability to enable user accounts after they have been disabled by a LAN Admin?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by BFilmFan In reply to Restrict User Account Ena ...

It all depends on how you enabled management of the OU containing the user accounts.

If you used the built-in Microsoft method of administering domains, the answer is no.

If you are using a third-party security tool, you perhaps can revoke that permission.

The best policy is to create an OU and call it Disabled Accounts and move the user account into that OU after they have been disabled. Do not grant the help desk permissions to manage that OU.

Collapse -

by TLN In reply to Perhaps

Thanks for the suggestion about creating an OU called Disabled Accounts. That is a great idea.

That is what I will do. :-)

Related Discussions

Related Forums