I am interested in allowing our help desk personnel the ability to reset passwords but I don’t want to give them Account operator access. The obvious reasons are that I would prefer they not be able to create/modify accounts with the exception the password reset. Does anyone have a remedy for my situation? (NT 4.0 Environment)