alifen

Asked: 2015-07-04 03:35:14 +0800 CST2015-07-04 03:35:14 +0800 CST 2015-07-04 03:35:14 +0800 CST

userAccountControl property - delegate permission to set PARTIAL_SECRETS_ACCOUNT

I am needing to set the userAccountControl property of a user account to include TRUSTED_TO_AUTH_FOR_DELEGATION (0x1000000) and PARTIAL_SECRETS_ACCOUNT (0x04000000).

To set TRUSTED_TO_AUTH_FOR_DELEGATION, the account performing the operation needs to be listed in the "Enable computer and user accounts to be trusted for delegation" setting in the security policy on the domain controller on which the operation is being performed. Once added in, the account can set that flag just fine.

However, setting PARTIAL_SECRETS_ACCOUNT results in access denied for any account other than a domain admin.

My question, then, is can I delegate permission to set the PARTIAL_SECRETS_ACCOUNT flag on an account?

userAccountControl property - delegate permission to set PARTIAL_SECRETS_ACCOUNT

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

userAccountControl property - delegate permission to set PARTIAL_SECRETS_ACCOUNT

0 Answers