|
Item 1: Create a group that will contain the user accounts that you wish to be able to reset passwords (note though that if your account is already locked you won't be able to get in to reset it so not sure what value this approach will do for you). Then as Les has stated you would DELEGATE (basically assigns or allows an account or group to specifically carry out a task) the authority to reset passwords (I think though [have not looked it up] that this would then allow members of this group to reset anyones password [except an account of higher authority] on the system) so you would also want to be careful about this.
I guess bottom-line THIS IS NOT A GOOD OR RECOMMENDED thing to do.
As for item 2 It can not be done with KiXtart alone, but via KiXtart ie. using other COM or Compiled programs you could get close, but again [have not tried] I don't think a normal account can assign rights of a higher group/account [this is just common sense for secuirty purposes]. Also, the main folder would have to allow users to perform the rights assignment from a parent folder, which would then mean that anyone with those rights could then come along and either on purpose or on accident delete or re-assign rights. Which is/would be another NO NO in terms of security.
Again, which Les has also attempted to alert you to, neither of the items you wish to do should be done in a place of business. The tasks you are attempting to do can/would allow potential security issues from either internal or external sources. Some say up to 85% of hacking or damage is done by employees of the Company. If that is true, you would be making things easier for both types of intruder access.
For both items, if you don't have a Helpdesk to perform these tasks and you don't have time yourself then perhaps delegate these rights to maybe a group of 20 or so high profile/more advanced and trusted users to help out.
| 
