Windows Administrative Delegation Techniques

by Derek Melber
Sept. 1, 2017 0 comments TechGenix windows client security

Ever since Microsoft released Windows 2000 way back when, the options for delegating certain tasks have been available. The concepts of delegation can be a bit confusing, but in the core of what the delegation provides is essential to an efficient network. Without the use of delegations, you are stuck with only default groups that grant administrative privileges over certain tasks and objects. For example, without delegation over user and group accounts, a user must be placed in the Account Operators group to be given the ability to just manage users, groups, and computers in the domain. Of course, a user could also be placed in the Domain Admins or Enterprise Admins groups, but this would grant them far too many privileges than just managing accounts. In a similar manner, placing users in the Account Operators group also grants them too many privileges, such as modifying not only user accounts, but all administrative accounts. Delegation solves this issue, by allowing very granular...