This document defines the procedure for setting the prerequisite permissions on an Active Directory OU to support TruU TAMS.

Procedure

  • Open Active Directory Users and Computers, open the “View” menu and make sure “Advanced Features” is enabled.
  • Create a standard service account (an ordinary domain user with no group memberships beyond Domain Users and no other permissions).
  • Designate the user OU whose user objects TAMS should manage for automated password management.
(Note: If you’d like to test on a smaller scope first, create an OU containing only test users and delegate on that OU.)
  • Right-click the OU and select “Delegate Control...”.
  • Click “Next” in the wizard.
  • Find and add the service account you created, click “OK” and click “Next” on the wizard.
  • Select “Create a custom task to delegate” radio button and click “Next”.
  • Click on the “Only the following objects in the folder” radio button. Then scroll down and check the box next to “User objects”. Then click “Next”.
  • For the permissions, select only “Property-specific”. Then check the following two boxes (both refer to the lockoutTime attribute of the user object), click “Next” and then “Finish”:
    • Read lockoutTime
    • Write lockoutTime
(Note: Write access to lockoutTime is what allows a locked account to be unlocked, since unlocking resets the attribute to 0. It should be the only write permission the service account holds on the OU; do not grant “General” or “Full Control” permissions.)

Validation

  • Right-click the same OU, select “Properties”, open the “Security” tab and click “Advanced”.
  • In the Advanced Security Settings window, select the service account’s entry and click “Edit”.
  • Scroll down and confirm that “Read lockoutTime” and “Write lockoutTime” are the only permissions selected for the service account on that OU, and that the entry applies to descendant User objects only. Any other entry for the service account (on this OU or inherited from a parent) means more access was granted than TAMS requires and should be removed.
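The same delegation and validation can be done from PowerShell, which is useful when the procedure has to be repeated across several OUs or audited regularly. The following script is an added example and is not part of the TruU documentation or product; it assumes hypothetical values (domain CONTOSO, service account svc-tams, OU “OU=TAMS Users,DC=contoso,DC=com”), requires the RSAT ActiveDirectory module, and must be run by an account permitted to modify the OU’s security descriptor. It creates the same access control entry the wizard creates (Read/Write of the lockoutTime attribute, applied only to descendant user objects) and then checks that no other entry for the service account exists on the OU.

```powershell
# Added example (not TruU's code): delegate Read/Write lockoutTime on one OU to a
# service account, then verify nothing beyond that was granted.
# Hypothetical values: CONTOSO domain, svc-tams account, "OU=TAMS Users,DC=contoso,DC=com".
Import-Module ActiveDirectory

# Resolve a schema object's schemaIDGUID by its LDAP display name. The ACE must
# reference the lockoutTime attribute (ObjectType) and the user class
# (InheritedObjectType) so it applies only to descendant user objects, which is
# what the wizard's "Only the following objects in the folder" option produces.
function Get-SchemaGuid {
    param([Parameter(Mandatory)][string]$LdapDisplayName)
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    if (-not $obj) { throw "Schema object '$LdapDisplayName' not found" }
    return New-Object System.Guid (,[byte[]]$obj.schemaIDGUID)
}

function Grant-LockoutTimeDelegation {
    param(
        [Parameter(Mandatory)][string]$OuDistinguishedName,
        [Parameter(Mandatory)][string]$ServiceAccountSamAccountName
    )
    $sid      = (Get-ADUser -Identity $ServiceAccountSamAccountName).SID
    $attrGuid = Get-SchemaGuid -LdapDisplayName 'lockoutTime'
    $userGuid = Get-SchemaGuid -LdapDisplayName 'user'
    $rights   = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

    # Allow ReadProperty+WriteProperty on lockoutTime, inherited by descendant user objects only.
    $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $sid, $rights, [System.Security.AccessControl.AccessControlType]::Allow, $attrGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents, $userGuid)

    $acl = Get-Acl -Path "AD:\$OuDistinguishedName"
    $acl.AddAccessRule($ace)
    Set-Acl -Path "AD:\$OuDistinguishedName" -AclObject $acl
}

# Returns an empty array when the service account holds only Read/Write lockoutTime
# on the OU; otherwise one line per ACE that grants more than that.
function Test-LockoutTimeDelegation {
    param(
        [Parameter(Mandatory)][string]$OuDistinguishedName,
        [Parameter(Mandatory)][string]$ServiceAccountSamAccountName
    )
    $sid      = (Get-ADUser -Identity $ServiceAccountSamAccountName).SID
    $attrGuid = Get-SchemaGuid -LdapDisplayName 'lockoutTime'
    $allowed  = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

    $acl = Get-Acl -Path "AD:\$OuDistinguishedName"
    # Compare on SID rather than display name; include inherited ACEs so that rights
    # granted higher up the tree are caught as well.
    $aces = @($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
              Where-Object { $_.IdentityReference.Value -eq $sid.Value })

    $problems = @(foreach ($ace in $aces) {
        # Any right outside Read/Write property, any ACE not scoped to the lockoutTime
        # attribute, or a Deny entry is not what the procedure above grants.
        if ((($ace.ActiveDirectoryRights -band -bnot $allowed) -ne 0) -or
            ($ace.ObjectType -ne $attrGuid) -or
            ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow)) {
            "Unexpected ACE: $($ace.AccessControlType) $($ace.ActiveDirectoryRights) objectType=$($ace.ObjectType) inherited=$($ace.IsInherited)"
        }
    })
    if ($aces.Count -eq 0) { $problems += "No ACEs for $ServiceAccountSamAccountName found on $OuDistinguishedName" }
    return $problems
}

# Usage with the hypothetical values:
$ou  = 'OU=TAMS Users,DC=contoso,DC=com'
$svc = 'svc-tams'
Grant-LockoutTimeDelegation -OuDistinguishedName $ou -ServiceAccountSamAccountName $svc
$findings = Test-LockoutTimeDelegation -OuDistinguishedName $ou -ServiceAccountSamAccountName $svc
if ($findings.Count -eq 0) { 'OK: only Read/Write lockoutTime is delegated' } else { $findings }
```

Test-LockoutTimeDelegation deliberately treats inherited entries the same as explicit ones: if the service account was ever added to an ACL higher in the tree, or to a group that holds broader rights, the GUI check on the OU alone would not show it, while this check reports it. The function only inspects ACEs assigned directly to the account’s SID, so group memberships of the service account still need to be reviewed separately.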