Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
by_EL2020-12-22 01:49:18
Active Directory
by_EL, 2020-12-22 01:49:18

How can I make it so that the IT department group can reset the password for users outside of the IT department?

There is an IT group that serve users and can reset user passwords and access administrative shares as $users.
The problem is that these IT team members can reset each other's passwords and gain $$ access to the drives. How to limit this situation?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Alexey Dmitriev, 2020-12-22
@SignFinder

This can be limited by the rights to reset passwords.
1. Transfer the IT group to a separate OU.
2. Remove\prohibit the rights to reset passwords.
3. Add the rights to reset passwords for the SELF principal
to the OU And prohibit changing the rights to the OU :-)

Report
C
chupasaurus, 2020-12-22
@chupasaurus

No way. Audit logs are the only deterrent.

Similar questions
K
Korhoff2020-10-04 18:02:02
How to restrict user access to other people's files and folders in the domain? 6Reply
Y
Yuri Yerusalimsky2022-02-09 08:25:45
Policy override for an individual domain user? 3Reply
P
Pavel2020-10-14 11:44:16
How to set up file sharing? 1Reply
E
Evgeny Ivanov2022-02-15 08:16:46
How to copy users to another domain (create copies of accounts)? 3Reply
A
andreystrelkov2014-07-07 11:05:52
How to find out the name of the current authorized user in Active directory using Javascript code? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question