Minimum ACL to see someone in a search?
- From: "Michael D'Angelo" <nospam@xxxxxxxxxxxxxxx>
- Date: Wed, 13 Jul 2005 09:00:12 -0400
Greetings,
I just recently removed Everyone from the Pre-Windows 2000 Compatible Access
group, in order to try and tighten security for unauthenticated users.
However, I have noticed that when someone who is authenticated does a
search, to add a user to a group or ntfs permission e.g., they only see
about 5 users, when we have a lot more. All 5 are administrators. When I
compare the ACLs of these users with regular users, I see that for the
administrators, the Authenticated Users group has Read permission, i.e. Read
All Properties. However on other users, only "Read General Infomation",
"Read Personal Information", "Read Public Information" and "Read Web
Information" are checked. Also on every OU users have Read All Properties
and List Contents. I don't want to grant read access to all properties on
every user if I don't have to. What permissions do I need to check so that
authenticated users can see everyone when they do a search?
Thanks,
Michael D'Angelo
.
- Prev by Date: Re: Printing Event logs
- Next by Date: Re: adding the first 2003 dc in a 2000 AD domain
- Previous by thread: Clients loose local profiles
- Next by thread: Authorization Manager puzzle
- Index(es):
Relevant Pages
|
