Re: User account security inheritance

From: Wayne Tilton (Wayne_Tilton_at_NoSpam.Yahoo.com)
Date: 06/09/04 

Date: Wed, 09 Jun 2004 12:05:39 -0700

"Chris" <chris@icorp.net> wrote in
news:OvId0ElTEHA.3664@TK2MSFTNGP12.phx.gbl:

> I'm developing an asp application that will allow users to update
> their information in Active Directory. The application is working
> perfectly for 90% of people. Those who can't update their information
> receive the following message: "Active Directory error '80070005'
> General access denied error. These users are in the same container as
> those who are working (cn=users,dc=...) and access has been delegated
> to "self" to update the attributes in question (address, employeeID,
> etc)
>
> I've found that the accounts who receive this error are not inheriting
> security settings that were delegated at cn=users. When I check the
> box to enable from parent container, the permissions apply
> immediately, but when I check at a later time, the box is unchecked
> and their permissions are no longer inherited.
>
> How do I get these permissions to stick? Has anyone seen this before?
>
> Thanks,
> Chris
>
>

Users in one of the 'protected groups' (the list of which was updated
with SP4 to W2k3 level) get 'fixed' by the AdminSDHolder role once per
hour. Do a search on adminsdholder and you'll find all sorts of
information, including this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;817433

Bottom line: working as designed

Wayne 

-- 
Standard Disclaimer: I said it, they didn't, so blame me, not them!
Spam Avoidance: My reply address is invalid to confuse the spambots.
You can reach me at 'Wayne_Tilton at yahoo dot com'

Relevant Pages

  • Re: Public Folder Permissions Issue - Please Help!
    ... Chris I think your best bet would be to restore the DB from a backup. ... There's probably an explicit deny permission for everyone set on the DB. ... deny permissions take precedence over allow permissions. ... > Under our Public Folder store in ESMthe inherit ...
    (microsoft.public.exchange.admin)
  • Re: VSTO Security policy
    ... Thank you Iouri, ... Chris ... > installation is busted in a strange way or your code group is not being ... > because another code level grants less permissions. ...
    (microsoft.public.vsnet.vstools.office)
  • Re: prevent the over-write
    ... Chris thanks for the input. ... This forum has many references to various permissions and security options ... worksheets is being deleted. ... over-write. ...
    (microsoft.public.excel.misc)
  • problems reestablishing permissions for myself
    ... I think I figured out how to remedy this, once I found the Administrator ... rebooted - and suddely I could access MSconfig as the ... Msconfig.exe, came to the first instance, clicked on permissions and found ... while logged on as Chris. ...
    (microsoft.public.windowsxp.setup_deployment)
Loading