I'm trying our Helpdesk admin accounts, so that they can create user
accounts, but not read users' Home drives.

Removing the Write right to the [All Attribute Rights] property of the server,
and modifying file rights, allows the Helpdesk to do just this. However, the
template used to create the account has a Volume Space Restriction setting
which results in an error when used.

I've tried adding the Compare/Read/Write rights to the Volume Space
Restriction property of the volume, but the error remains as long as the
Helpdesk user does not have the Write right to the [All Attribute Rights]
property of the server. Is there something I'm missing?

I'm aware of a product from omni-ts which manages Helpdesk accounts without
allocating rights, but am keen to find the answer to this without resorting
to something other than ConsoleOne.

I'm running NW6sp5.

Thanks in advance