![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 62%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Don't work for me. I add permission as in the picture.
User has delegated permission to crate and delete the user, etc...
How to Delegate Help Desk Group to Manage "Protect Object from Accidental Deletion" Option Only
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 12%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWN%3C/text%3E%3C/svg%3E)
Wojciech Napierała
41
Reputation points
Hi everyone,
I'm looking for some guidance on how to delegate specific permissions to our Help Desk group in Active Directory. We use a tiered support model, and we aim to keep tasks as granular as possible. Specifically, I want to allow the Help Desk group to manage the "Protect object from accidental deletion" option for user objects, but nothing else.
Here's what I need to achieve:
- The Help Desk group should be able to check and uncheck the "Protect object from accidental deletion" option for user objects. This option only.
Is it possible to delegate just this specific permission without granting broader write access to the user objects? If so, could you provide some tips or detailed steps on how to accomplish this?
Any advice or information would be greatly appreciated.
Thank you in advance!
Wojtek
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2024-09-20T10:43:27.1666667+00:00 Hello Wojciech Napierała,
Thank you for posting in Q&A forum.
After my research, there is no such setting or permission corresponding to the "Protect object from accidental deletion" option.You can try to set it on Domain Controller via the steps in the following similar thread.
Right click domain name and select Properties and Security tab, then click Advanced button and Add button.
Principal: Everyone
Type: Deny
Applies to: Descendant User objects
And check the permissions blow:I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.