What AD permissions and ASL preferences need to set so support staff are able to update credentials/variables e.g. Usernames/Passwords using the MMC snap-in?
In order to change values of NSL data that is stored in the Directory e.g. $Variables such as $Username and $Password, support staff must:
- Have access to the SecureLogin MMC snap-in (or SecureLogin Manager) to view and change the values
- Write rights to the protocom-SSO-entries attributes on User Objects to be updated/administered (can be set at the OU for all users in that OU and below using the Delegate Control Wizard>User Objects)
- The following NSL preference must be set on the AD user object of the relevant support staff
"Allow users to modify credentials through the GUI" = YES