Applies to: Live@edu
Topic Last Modified: 2010-05-24
Wouldn't it be great if you could give help desk personnel permission to reset forgotten passwords without giving them access to other administrative functionality in your organization? You have several options:
-
Add the help desk personnel to the Help Desk role group By default, the Reset Password role is assigned to the Help Desk role group. But note: the Help Desk role group includes these additional roles:
-
User Options This role allows users to access the Options page of other users for troubleshooting purposes. Here's how: Access Another User's Options Page
-
View-Only Recipients This role allows the user to see the configuration of all mailboxes, mail users, mail contacts, groups, and dynamic distribution groups. The help desk personnel can see the object configurations, but they can't modify anything.
-
User Options This role allows users to access the Options page of other users for troubleshooting purposes. Here's how: Access Another User's Options Page
If this additional scope works for your organization, you don't have to do anything else.
Too much power?
What if you think that the additional roles give too much power to the help desk personnel? You have these options:
-
Optional step: Remove the extra roles from the Help Desk role group Before you add users to the Help Desk role group, you can remove the extra roles. Be aware: This approach reduces the capabilities of all existing members of the Help Desk role group.
-
Assign the Help Desk role to a new role group With this approach, you don't use the Help Desk role group at all. Instead, you create a new role group, assign the Reset Password role to the role group, and add the users to the role group.
Add the help desk personnel to the Help Desk role group
-
In the Exchange Control Panel, select Manage My Organization > Roles & Auditing > Administrator Roles.
-
Select the Help Desk role group, and then click Details.
-
Under Members, click Add.
-
In the Select Members dialog box, select one or more users. You can search for users by typing all or part of a display name, and then clicking
. You can also sort the list by clicking the Display Name or E-Mail Address column headings.
-
Click Add.
-
Click OK to return to the role group page.
-
Click Save to save the change to the role group.
The new member is displayed under Members in the details pane for the selected role group.
Optional step: Remove the extra roles from the Help Desk role group
-
Select Manage My Organization > Roles & Auditing > Administrator Roles.
-
Select the Help Desk role group, and then click Details.
-
Under Roles, select User Options, and click Remove. Then select View-Only Recipients and click Remove.
-
Click Save to save the changes to the role group.
Assign the Help Desk role to a new role group
-
Select Manage My Organization > Roles & Auditing > Administrator Roles.
-
Click New.
-
Enter the following information:
-
Name For example, "Custom Reset Passwords".
-
Description For example, "A custom role group created to allow users to reset passwords only".
-
Roles Click Add, select Reset Password, click Add, and click OK.
-
Members Click Add, select the users, click Add, and click OK.
-
Name For example, "Custom Reset Passwords".
-
Click Save.
When users are added to the role group, they can reset users' passwords.
Next steps
-
To reset passwords in the Exchange Control Panel, see Reset a User's Password.
-
To reset passwords in Windows PowerShell, see Reset a Live@edu User's Password with Windows PowerShell.
