
msNPAllowDialIn and delegwiz.inf

Author
15 May 2009 3:18 AM
tin
Is it possible to delegate this through delegwiz.inf? I have tried the
following without any luck:

msNPAllowDialIn=RP,WP
userParameters=RP,WP

or
CONTROLRIGHT="Read and Write Remote Access Information"


dsacls \\server\OU path /I:T /G "domain\group:WP;msNPAllowDialin;user"
"domain\group:WP;userParameters;user"


Anyone with any ideas on this subject?

Thanks

Author
20 May 2009 9:03 AM
Mervyn Zhang [MSFT]
Hi,

Is the suggestion helpful? If not, please let us know more information for
research. Any update is welcomed.

Sincerely,
Mervyn Zhang
Microsoft Online Community Support

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Author
21 May 2009 1:53 AM
tin
Hello Mervyn,

This is more like using the Wizard, which I can do with no problem. What
I'm referring to is customizing the delegwiz.inf so I could use it to delegate
access in AD.

[template100]
AppliesToClasses=domainDNS,organizationalUnit,container
Description = "Delegate changes to Dial-in tab"
ObjectTypes = user, InetOrgPerson

[template100.user]
CONTROLRIGHT= "Reset Password","Read and Write Remote Access Information"
@=RP

[template100.InetOrgPerson]
msNPAllowDialin=RP,WP
msNPCallingStationID=RP,WP
msNPSavedCallingStationID=RP,WP
msRADIUSCallbackNumber=RP,WP
msRADIUSFramedIPAddress=RP,WP
msRADIUSFramedRoute=RP,WP
msRADIUSServiceType=RP,WP
msRASSavedCallbackNumber=RP,WP
msRASSavedFramedIPAddress=RP,WP
msRASSavedFrameRoute=RP,WP

Author
21 May 2009 4:34 AM
tin
This doesn't work either. Is there something else I'm missing?

Author
29 Jun 2009 12:10 PM
Peter A. Berger Jr.
I too am having issues per the suggestions above.
I am trying to delegate the "Dial-in" tab options to my Helpdesk AD group.
I've followed the following directions (pasted below), but I cannot get the
options to un-grey. I've manually sync'ed AD and copied the DSSEC.DAT file to
all 3 DC's and the XP desktop itself. All attempts have failed.

Am I missing something?

What I did so far:
1. Open C:\windows\system32\DSSEC.DAT with NotePad.
2. Under [USER] section, find the following entries and change the value
from "7" to "0".

msNPAllowDialin=0
msNPCallingStationID=0
msNPSavedCallingStationID=0
msRADIUSCallbackNumber=0
msRADIUSFramedIPAddress=0
msRADIUSFramedRoute=0
msRADIUSServiceType=0
msRASSavedCallbackNumber=0
msRASSavedFramedIPAddress=0
msRASSavedFramedRoute=0

3. Open ADUC, click Action menu, choose the Delegation Wizard, and select
the group you want to delegate control, click next.
4. Create a custom task to delegate.
5. Select "Only the following objects in the folder", choose User objects
at the bottom of the list, and click next.
6. Select Property-specific, give read and write permissions to these
attributes.

Account Restrictions
Remote Access information
msNPAllowDialin
msNPCallingStationID
msNPSavedCallingStationID
msRASSavedCallbackNumber
msRASSavedFramedIPAddress
msRASSavedFramedRoute
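
Added example, not part of the original thread: a check of the DSSEC.DAT edit described in step 2 of the post above. It parses the `[user]` section case-insensitively and reports, for each of the ten attributes listed there, whether its entry is 0, still 7, or absent under that exact spelling (the thread spells one attribute both `msRASSavedFrameRoute` and `msRASSavedFramedRoute`). The function names, state labels and sample text are constructed for illustration.

```python
# Attribute names as spelled in step 2 of the post above.
DIAL_IN_ATTRS = """msNPAllowDialin msNPCallingStationID msNPSavedCallingStationID
msRADIUSCallbackNumber msRADIUSFramedIPAddress msRADIUSFramedRoute
msRADIUSServiceType msRASSavedCallbackNumber msRASSavedFramedIPAddress
msRASSavedFramedRoute""".split()

def parse_section(text, section):
    """Return {lowercased key: value} for one INI-style section (case-insensitive)."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            continue
        if current == section.lower() and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values

def audit(text):
    """Map each attribute to 'shown' (0), 'filtered' (7), 'missing' or 'other:<value>'."""
    user = parse_section(text, "user")
    states = {"0": "shown", "7": "filtered"}
    report = {}
    for attr in DIAL_IN_ATTRS:
        value = user.get(attr.lower())
        report[attr] = "missing" if value is None else states.get(value, "other:" + value)
    return report

# Constructed sample, not a real DSSEC.DAT: one entry left at 7, one name
# misspelled, and a [computer] section that must not leak into the result.
SAMPLE = """[USER]
msNPAllowDialin=0
msNPCallingStationID = 0
msNPSavedCallingStationID=7
msRADIUSCallbackNumber=0
msRADIUSFramedIPAddress=0
msRADIUSFramedRoute=0
msRADIUSServiceType=0
msRASSavedCallbackNumber=0
msRASSavedFramedIPAddress=0
msRASSavedFrameRoute=0
[computer]
msRASSavedFramedRoute=7
"""

if __name__ == "__main__":
    for attr, state in audit(SAMPLE).items():
        print(f"{attr:28} {state}")
```

To check a real file, read its text and pass it to `audit()`; any attribute not reported as `shown` is one to re-check by hand.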
Author
5 Jul 2009 11:13 PM
Hamish
I've also tried this with no success, although I've changed it on a Windows
2008 Server that's a member of the domain and not a DC. Guessing this
shouldn't matter as the inf and dat file are only used to give you the
ability to pass this info onto the DC's anyway to set the required
permissions.
Basically the service desk guys I'm trying to delegate the rights to can
"see" the tab name, but get the dreaded "Could not load the dial-in
profile for this user because: Access is denied." The environment we are
running is native 2008 AD.

Any help would be appreciated!
Author
23 Jun 2009 5:11 PM
Peter A. Berger Jr.
I too have followed Mervyn's suggestions but am not having any luck either. I
had a post here too: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/c25b2091-5f25-4320-bda2-912345fcdc04/

thanks...