How to Delegate Help Desk Group to Manage "Protect Object from Accidental Deletion" Option Only

Wojciech Napierała 41 Reputation points
2024-09-20T09:44:58.77+00:00

Hi everyone,

I'm looking for some guidance on how to delegate specific permissions to our Help Desk group in Active Directory. We use a tiered support model, and we aim to keep tasks as granular as possible. Specifically, I want to allow the Help Desk group to manage the "Protect object from accidental deletion" option for user objects, but nothing else.

Here's what I need to achieve:

  • The Help Desk group should be able to check and uncheck the "Protect object from accidental deletion" option for user objects. This option only.

Is it possible to delegate just this specific permission without granting broader write access to the user objects? If so, could you provide some tips or detailed steps on how to accomplish this?

Any advice or information would be greatly appreciated.

Thank you in advance!

Wojtek

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,565 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daisy Zhou 24,046 Reputation points Microsoft Vendor
    2024-09-20T10:43:27.1666667+00:00

    Hello Wojciech Napierała,

    Thank you for posting in Q&A forum.
    After my research, there is no such setting or permission corresponding to the "Protect object from accidental deletion" option.

    You can try to set it on Domain Controller via the steps in the following similar thread.

    https://serverfault.com/questions/848494/how-to-delegate-permission-to-mark-ou-object-as-protected-from-accidental-delet

    Right click domain name and select Properties and Security tab, then click Advanced button and Add button.

    User's image

    Principal: Everyone

    Type: Deny

    Applies to: Descendant User objects
    And check the permissions blow:

    User's image

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.