Ask the Expert

How can I remove 'delete a user account' permissions from an account operator?

How can I remove the permissions to delete a user account from the account operator in Windows 2000?
There are two ways to approach this problem.
  1. To allow account operators to do everything to manage accounts except delete user accounts, you can deny account operators the "Delete all child objects" permission on the users container in Active Directory users and computers. If all user accounts do not reside in this container, you will have to make the same change to all user account containing organizational units (OUs).
  2. The second option is to create a custom security group and only give it the permissions over user accounts that you desire. After creating the group, use the delegation of control wizard. When you are done, add members to this group that you wish. Delegation of administrative authority to security groups may be of help.

This was first published in March 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: