Delegate Control Wizard Cannot Be Used to Remove Groups or Users

Article translations Article translations
Article ID: 229873 - View products that this article applies to.
This article was previously published under Q229873
Expand all | Collapse all

SUMMARY

In Windows 2000, users or groups can be granted administrative privileges over containers and the objects within those containers. Although this can be performed by modifying the permissions on the container, Windows 2000 includes the Delegate Control Wizard to automate the task. Note, however, that although the Delegate Control Wizard can be used to grant users and groups administrative privileges over containers and the objects within them, it cannot be used to remove those privileges. Removal must be accomplished manually.

MORE INFORMATION

To delegate control on a container:
  1. Start the Active Directory Users and Computers snap-in.
  2. Right-click a domain or organizational unit, and then click Delegate Control.
  3. Finish the wizard by selecting the users or groups and granting the appropriate permissions. The following permissions are predefined and can be granted singly or in any combination:

    • Create, delete, and manage user accounts
    • Reset password on a user account
    • Read all user information
    • Modify the membership of a group
    • Manage published printer queues
    Or, custom permissions can be used to delegate more specific control.
When you are adding users or groups, you cannot use the Delete button to remove a user or group from the delegated permissions once the wizard has been run. This button can only be used to correct mistakes during the delegation process.

If a user or group must be removed from the delegated permissions:
  1. Start the Active Directory Users and Computers snap-in.
  2. On the View menu, click Advanced. This enables the Security tab.
  3. Right-click the container from which the permissions will be removed, and then click Properties.
  4. Click the Security tab.
  5. Remove the appropriate users or groups.
NOTE: Rather than removing users and groups, these same steps can be used to modify the delegated permissions. By default, all child objects in the container inherit the permissions set on the container.

Properties

Article ID: 229873 - Last Review: February 23, 2007 - Revision: 2.2
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
Keywords: 
kbenv kbinfo KB229873

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com