IT Employment

General discussion

Creator

Topic
March 9, 2006 at 3:40 pm #2191666

Restrict User Account Enabling

Locked

by tln · about 18 years, 1 month ago

Within Active Directory security, is there a way to restrict a help desk group’s ability to enable user accounts after they have been disabled by a LAN Admin?

This conversation is currently closed to new comments.
Creator

Topic

All Comments

Author

Replies
- March 10, 2006 at 6:34 am #3266999
  
  Perhaps
  
  by bfilmfan · about 18 years, 1 month ago
  
  In reply to Restrict User Account Enabling
  
  It all depends on how you enabled management of the OU containing the user accounts.
  
  If you used the built-in Microsoft method of administering domains, the answer is no.
  
  If you are using a third-party security tool, you perhaps can revoke that permission.
  
  The best policy is to create an OU and call it Disabled Accounts and move the user account into that OU after they have been disabled. Do not grant the help desk permissions to manage that OU.
  - March 10, 2006 at 8:04 am #3266878
    
    Reply To: Restrict User Account Enabling
    
    by tln · about 18 years, 1 month ago
    
    In reply to Perhaps
    
    Thanks for the suggestion about creating an OU called Disabled Accounts. That is a great idea.
    
    That is what I will do. 🙂
Author

Replies

Viewing 0 reply threads

Start a Discussion

Start New Discussion