When you check the security of the object of an account he creates; he should be the owner. The owner has the ability to delete that object. Modify the parent permissions so there is an explicit deny on his account to prevent deletion.
That's exactly what I did and it's not working. I gave the group he is in explicit permissions to create computer objects, but the "deny" to delete. I must be missing something...
Ahhhh, I do not see creator/owner in the permissions. I'm assuming that I need to add creator/owner to the OU and then grant "deny" permissions for delete computer object?
Currently, when I look at effective permissions, his account still has a "delete" permission and that must be where it's coming from.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum