Lockouttime on domain accounts

Hi, think this is my first thread started in this section....

I have created a security group and delegated write and read lockoutTime permissions to the group; I have then added the group to a test teamleader account.
I already have a custom .mmc for the teamleader to run and reset passwords, and this same tool can now unlock agent accounts if they have accidentally locked themselves out....

Here is where the problem lies...
Running the custom .mmc will only show the Account Locked check box if they are connected to a DC that has replicated, and only if the lockout policy on the domain has not unlocked the account (30 minutes).

To this end I have been playing with custom .bat files...

I have tested both the Net and DSMOD USER cmds; both work great under my admin account, but not under the teamleader account with the delegated permissions. Both .bat files give either access denied or insufficient permissions?

Do I need to delegate further permissions for the DOS cmds to work?
 