Re: restrict read access

From: Paul Bergson (pbergson_at_mnpower.com)
Date: 07/13/04


Date: Tue, 13 Jul 2004 13:24:31 -0500

Have you checked the security on one of the objects that you want to restrict?
Check to see if the objects are inheriting the parent OU's security.

-- 
Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.

<anonymous@discussions.microsoft.com> wrote in message
news:2b4c201c468e1$b6a9ad00$a601280a@phx.gbl...
> Hi Paul,
>
> Sorry:
> of course we have a 2003 AD and an old NT4 domain with
> trusts and all the things...
>
> We have an AD account used in the NT4 domain by an
> application. We try to restrict the app (using the AD
> account) just to read _one_ OU branch and not all accounts
> from the AD.
> We used the security settings (mmc) to deny full control
> on all other OUs. It didn't work.
> The app read all objects.
>
>
> >-----Original Message-----
> >You seemed to have posted conflicting information.  You can't have one
> >domain inside of another.  What OU did you deny?
> >
> >It would be best if you repost this with additional details and a more
> >accurate description of the network.
> >
> >-- 
> >
> >Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA
> >
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> >
> >"ano" <anonymous@discussions.microsoft.com> wrote in message
> >news:2bb7601c468ae$4dff9450$a401280a@phx.gbl...
> >> Hi folks,
> >>
> >> we have an AD domain with an NT4 domain. In this domain is
> >> a (very) old app that reads all accounts (with a service
> >> account) and stores them in an internal database.
> >>
> >> We would like to restrict that to a special OU. But how???
> >>
> >> We set the permissions for the service account to "full
> >> control = deny", but it didn't work. We still have all
> >> domain accounts in the DB. The service account still reads
> >> all AD objects.
> >>
> >> Any idea how to restrict that?
> >>
> >> thanks...
> >
> >
> >.
> >
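
The check suggested in the reply above (does an object inherit the parent OU's security?), as an added example that is not part of the original thread. It reads the ACL of one directory object and lists the entries that name a given account; the function name, the distinguished names and the account name are constructed placeholders.

```powershell
# Added example: summarize how an AD object's ACL treats one account.
function Get-AdObjectAclSummary {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [Parameter(Mandatory)] [string] $Account   # form: DOMAIN\name
    )

    $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DistinguishedName")
    $sd    = $entry.psbase.ObjectSecurity

    # True means the object does NOT inherit ACEs from its parent container.
    $inheritanceBlocked = $sd.AreAccessRulesProtected

    # Explicit and inherited ACEs, with trustees resolved to DOMAIN\name.
    $rules = $sd.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    $hits  = @($rules | Where-Object { $_.IdentityReference.Value -eq $Account })

    if ($hits.Count -eq 0) {
        # No ACE names the account directly on this object.
        return [pscustomobject]@{
            Object             = $DistinguishedName
            InheritanceBlocked = $inheritanceBlocked
            Type               = 'none'
            Rights             = $null
            IsInherited        = $null
            AppliesTo          = $null
        }
    }

    foreach ($ace in $hits) {
        [pscustomobject]@{
            Object             = $DistinguishedName
            InheritanceBlocked = $inheritanceBlocked
            Type               = $ace.AccessControlType      # Allow or Deny
            Rights             = $ace.ActiveDirectoryRights
            IsInherited        = $ace.IsInherited            # False = set on this object
            AppliesTo          = $ace.InheritanceType        # None, Children, All, ...
        }
    }
}

# Constructed placeholders: compare an OU with one user object inside it.
# 'OU=Restricted,DC=example,DC=com', 'CN=Some User,OU=Restricted,DC=example,DC=com' |
#     ForEach-Object { Get-AdObjectAclSummary -DistinguishedName $_ -Account 'EXAMPLE\svc-legacyapp' } |
#     Format-Table -AutoSize
```

The function matches only entries that name the account itself; entries that apply through a group the account belongs to are not listed.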

