How to Create Level wise policy for IT Admin

Narender Singh 0 Reputation points
2024-09-17T19:59:22.62+00:00

I have a query like we have 15 engineers where 8 engineers are Level 1 engineers 4 are level 2 and 3 are level 3 engineers.

I want to create level wise policies for 3 different groups

Like level 1 engineers can not reset passwords for level 2 and level 3.

Level 2 can reset for level 1 but not for level 3

Level 3 can reset for level 1 and level 2 but no of any engineers of level 3 and above.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,548 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Yanhong Liu 9,910 Reputation points Microsoft Vendor
    2024-09-20T05:49:38.9+00:00

    Hello

    Thank you for posting in Q&A forum.

    Active directory have permission page, it can allow you to control people to change/reset password or not.

    For done this, you can open Active Directory Users and Computers. and move three level of user in different OU.

    And then right click this 3 level OU >>> Properties >>> Security >>> Advanced >>> Add >>> Principal choose 1 level user >>> Type choose Deny >>> Applies to choose Descendant User Objects >>> Click Clear all at the end of the page >>> make sure Change password and reset password is been select >>> click ok and close permission page.

    Now 1 level user can't change and reset password to 3 Level OU, you can follow this step to set the next permission

    Best regards

    Yanhong

    =====================================

    If the answer is helpful, please click "Accept answer" and upvote it

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.