Thanks, Chuck.
This doesn't really work as expected for our business need - I don't think.
What I'm trying to accomplish are three things:
(1) allow all users to be able to reset their own password using the AD Password Reset - Self Service option
(2) allow any user who has not enrolled in password reset (or who may need extra special assistance) to place a call or walk-in to our Service Desk and request assistance in resetting their password
(3) restrict the capability to select the AD Password Reset - Service Desk process to either the ITIL role and/or Service Desk group
When I unchecked the Apply to all Users option in the AD Password Reset - Service Desk process and set the Group to the Service Desk, then no one - including Admin or a Service Desk group member - was able to use the Service Desk process (received the error message No service-desk processes found for the user selected.)
This was not what I wished to accomplish. Instead, I'd like for only the Service Desk staff to see the process AD Password Reset - Service Desk and be able to use this process to reset the password for any caller.
Any suggestions on how to restrict the selection of the Service Desk process to just the members in the Service Desk group and allow the Service Desk staff to reset any users password (regardless of what group the user is in)?
Can I use the role "password_reset_service_desk" in some way to restrict access/ability to select this process?
Is it possible to restrict access/ability to select this process to the ITIL role (thereby allowing any IT staff member with this role) to have the ability to assist customers in resetting passwords using the AD Password Reset - Service Desk process)?
