Have LMS3.1 integrated with ACS and have set a group in ACS as Help Desk. Privileges seem correct in ACS and CiscoWorks as to CiscoWorks access for this level. However, a user re-assigned from default PL 15 to Help Desk privilege level can still access and configure devices via the Device Center - Telnet command.
What is the easiest or most direct way to limit this user to "no enable"? Change every (default) enable password, or program custom privilege level?