Re: Prevent Domain Users From Browsing Around in Active Directory?
- From: "Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname@xxxxxxxxxxx>
- Date: Fri, 27 Mar 2009 23:51:41 -0400
In news:FB9B6751-DC89-45B6-9FD1-AAC714C8ECED@xxxxxxxxxxxxx,
Mygposts <Mygposts@xxxxxxxxxxxxxxxxxxxxxxxxx>, posted the following:
I setup a custom Taskpad for users that had a need to edit
description fields for computer accounts in certain OUs. It seemed
fine until I noticed it was pretty easy to accidently or purposefully
break out of their assigned OU in the Taspad view and end up browsing
the entire directory structure. Even though I removed most the menus
and toolbars, all they have to do is right click to get around this.
I also noticed that if any domain user downloads and installs the
Active Directory Users and Computers tool on their XP machine, they
can get view the entire active directory structure when they have no
business doing that.
Is there anyway to block their access to random domain users browsing
around in AD without the restriction causing problems with their
needed permissions for authentication or changing their passwords?
When you create the custom MMC, do not allow context menus, otherwise you will see the results you are currently experiencing.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
.
- Follow-Ups:
- References:
- Prev by Date: Re: LDAP Responding on TCP but not UDP - Win 2008
- Next by Date: Re: User authenticates, skips logon script
- Previous by thread: Prevent Domain Users From Browsing Around in Active Directory?
- Next by thread: Re: Prevent Domain Users From Browsing Around in Active Directory?
- Index(es):
