반품
-
제목
Two users in the same security group. One works, the other gets "access denied." -
설명
Control access to the Password Manager self service site in User Scope with AD security groups. Two users are in the same group. One gets "access denied" when they try to update their question profile, the second user has no issues. -
원인
Effective permissions in Active directory. -
해결 방안
The Access Denied error may be due to any of the following:
- Insufficient permissions on the user object for the Password Manager service account
- Explicit Deny for the Password Manager service account
- Inheritance is disabled on the user object
To confirm, use either Active Directory Users and Computers (ADUC) or ADSIEdit to:
- Review the permissions on the user object
- Check the Effective Permissions on the user object that received the "Access Denied" error for the Password Manager service account (i.e. domain\pmsvc)
To resolve the "Access Denied" error (the missing permissions), do the following:
- If Inheritance is not turned on, enable it and let the permissions override what is currently set
- Follow the Password Manager minimial permissions guide and grant the appropriate permissions as required by Password Manager:
https://support.quest.com/password-manager/kb/27946
For additional information, please refer to the following Microsoft KB article:
-
첨부 파일
