Re: Confidential Attribute -

Hello George

Thanks for your reply. I just tried exactly the same. its not working the
way i am expecting.. I want delegate the access control to global group
additional to Bultin Admin Groups. To Read/Write this attribute for a
specified user or group.

regards
bob



"Jorge de Almeida Pinto [MVP - DS]" wrote:

see:
http://blogs.dirteam.com/blogs/tomek/archive/2005/11/21/confidential_bit.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"MIIS Query" <MIISQuery@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E3B81F27-9922-4F40-A312-F68AA8A58090@xxxxxxxxxxxxxxxx
Hi All

My Enviroment is Windows 2003 R2. My requirement is to creates couple of
attribute and those attribute are very private and should have access only
to
Admin or for sepcified user.

After Searing on Net, I ended with the 2003 SP1 feature of Confidential
Attribute, where it gives the option of Extending the schema attribute as
confidential and delegate access to the specified users or group. As
mention
int he link below.
http://support.microsoft.com/kb/922836
This KB article say, the only tool to set DSACLS on the Attribute is
ldp.exe
which is from Windows R2 ADAM, But the DSACL i am able to set through
ADSIEDIT.MSC. This is the same ACL if i set using the ldp.exe using SACL
method. Its confusing..

My problem here is ,

I have tried everything mentioned in the article. The Only problem is the
Read/Write access to the confidential attribute is not working as required
by
me. Have anyone tried of giving the rights on confidential attribute or
normal Attribute access control.

Thanks for everyone who also read my question.

Regards
bob







.

Relevant Pages

  • Re: Two Win2k3 questions ... Roaming Profiles & Access Privileges ...
    ... >DHCP, DNS, Print Server, and File Server responsibilities. ... lookup zone on Windows NT" ... http://support.microsoft.com?kbid=229873 "Delegate Control Wizard Cannot Be Used ...
    (microsoft.public.win2000.advanced_server)
  • [Full-disclosure] Windows Access Control Demystified.
    ... that reads access-control configuration information from the Windows ... and debug the complex interactions of access control on installations ... Sudhakar Govindavajhala is a finishing PhD student at Computer Science department, ...
    (Full-Disclosure)
  • Re: Posting an event
    ... Be careful with threads and windows forms - always remember the golden ... Private Delegate Sub DoStuffDelegate ... Private Sub DoStuff ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Restricting folder access on network
    ... throught windows media player throught the shared music files on computer 1 ... "the all user account" and it goes right in without a password. ... >>on the folder and click on the security tab, simple file sharing is disabled ... no version of Windows has access control based on computer ...
    (microsoft.public.windowsxp.network_web)
  • Re: Single Sign On
    ... eTrust suite contains access control software, ... UCAMS has various clients including Windows ... MS-SQL servers can be setup ... to utilize Windows authentication. ...
    (Security-Basics)