Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
by_EL2020-12-22 01:49:18
Active Directory
by_EL, 2020-12-22 01:49:18

How can I make it so that the IT department group can reset the password for users outside of the IT department?

There is an IT group that serve users and can reset user passwords and access administrative shares as $users.
The problem is that these IT team members can reset each other's passwords and gain $$ access to the drives. How to limit this situation?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Alexey Dmitriev, 2020-12-22
@SignFinder

This can be limited by the rights to reset passwords.
1. Transfer the IT group to a separate OU.
2. Remove\prohibit the rights to reset passwords.
3. Add the rights to reset passwords for the SELF principal
to the OU And prohibit changing the rights to the OU :-)

Report
C
chupasaurus, 2020-12-22
@chupasaurus

No way. Audit logs are the only deterrent.

Similar questions
S
shaivam2022-01-03 00:16:39
If you need to turn off the main DC while leaving the additional DC on, what pitfalls can wait? 3Reply
B
BiMouSe2014-04-23 15:22:08
How to migrate Windows AD 2003 to Samba 4? 1Reply
J
Jurasz2022-01-11 08:06:13
There are no servers that could process the request. How to fix if there is no local admin account? 4Reply
D
denn2022-01-18 17:48:47
In what part to look for a problem if it is impossible to connect to AD? 1Reply
I
Ivan Trofimov2014-05-20 04:44:46
How to display photo from AD in browser (php + ldap)? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question