Delegate Unlock user permission in Windows Server 2016

Published: 12 December 2020
on channel: microsoft lab

2,096

Donate Us : paypal.me/MicrosoftLab

Delegate Unlock user permission in Windows Server 2016

1. Prepare

DC1 : Domain Controller(Yi.vn) | WIN101 : Client

2. Step by step : Allow HiepIT unlock users in HR OU

DC1 : Configure allow HiepIT to remote to Domain Controller and unlock users in HR OU

Enable remote desktop

Click 'File Explorer' - Right-Click 'This PC' - Properties - Remote settings - Choose 'Allow remote connections to this computer' - OK

Server Manager - Tools - Active Directory Users and Computers - Yi.vn - Builtin OU :

Double-click "Remote Desktop Users" - Members tab - Add... : HiepIT

Double-click "Server Operators" - Members tab - Add... : HiepIT (or add to one of groups : Account Operators, Backup Operators, Print Operators)

Server Manager - Tools - Group Policy Management - Yi.vn - Right-Click 'Default domain Plicy' - Edit... - Computer Configuration - Polices

Windows Settings - Security Settings - Local Polices - User Rights Assignment - Allow log on through Remote Desktop Services :

Tick "Define these policy settings"

Click "Add User or Group..." - Browse... : Administrators;HiepIT - OK

Start - cmd, type : gpupdate /force

Active Directory Users and Computers - Right-click HR OU - Delegate Control... :

Users or Groups : Add... : HiepIT - Tasks to Delegate : Choose 'Create a custom task to delegate'

Active Directory Object Type : Choose 'Only the following objects in the folder:' - Select 'User objects' - Permissions : Untick General, tick Property-specific

In the list Permissions : Tick 'Read lockoutTime' + 'Write lockoutTime' - Finish

WIN101 : Remote to DC1 use HiepIT, test unlock user for NamHR

Start - Server Manager - Tools - Active Directory Users and Computers - Yi.vn :

IT OU - Double-Click NamIT - Account tab === can not unlock user

HR OU - Double-Click NamHR - Account tab === unlock for user === OK

----------------------------------------------------------******************** / microsoftlab ********************---------------------------------------------------------

Watch video Delegate Unlock user permission in Windows Server 2016 online without registration, duration hours minute second in high quality. This video was added by user microsoft lab 12 December 2020, don't forget to share it with your friends and acquaintances, it has been viewed on our site 2,096 once and liked it 6 people.