Re: restrict access to view ad


Hello Altria,

The article is about delegating control/permissions in AD, which for you is not the solution, I think.

The next step you should: !!!FIRST TRY IN A SEPARATED TEST ENVIRONMENT!!!

What you can try is, remove the Read permissions for Authenticated Users in AD. I will not know the effect of this on OU level or either domain level. Make sure all other configured groups are still in there.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Thanks Meinolf for your fast reply!

Users with admin rights on their local ws do have rights to install what they like but I would just like a way to restrict users from viewing ADUC. The GPO can forbid snap-in but the user also has access of viewing user properties via address book (keep in mind my supervisor does not want to include GPOs). I came across this link which obviously has been a major concern for a lot of system administrators but I think it is quite a lengthy process to adopt and was hoping there was a much easier way for this to get done.
http://redmondmag.com/columns/article.asp?EditorialsID=617
Does anyone know where I can get a detailed list of all the property permissions so that I can start testing what impact to the user will occur based on changing settings on a particular OU? I know for certain there are some attributes that are required for proper operation, such as user login which require those read permissions nestled within ADUC. For heaven's sake I do not want to modify the schema as well.

Thanks,
Altria
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66d72f8cb11635e6729e1@xxxxxxxxxxxxxxxxxxxxxxx

Hello Altria,

Without using Group Policies this will not be possible, I think. If
they are able to install the admin tools, you have also an open door.
You should really think about using GPOs for this.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hello All,
How can I restrict users from viewing AD properties and contents, such as in Administrative tools?
I am not running GP.
Thanks
Altria
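
The thread asks which permissions are involved and advises trying any change in a separate test environment first. The following read-only audit is an added example, not code from any poster in the thread: it lists every ACE that Authenticated Users holds on one OU and resolves the property and extended-right GUIDs to names. It assumes the RSAT ActiveDirectory module is installed; the OU path is a hypothetical test-lab placeholder.

```powershell
# Added example: read-only audit, changes nothing in the directory.
Import-Module ActiveDirectory

$ouDn    = 'OU=TestUsers,DC=lab,DC=example'   # hypothetical test-lab OU (placeholder)
$rootDse = Get-ADRootDSE

# Build a GUID -> name lookup: schema attributes and classes first ...
$guidMap = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

# ... then extended rights and property sets from the configuration partition.
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.name }

function Resolve-AceGuid([guid]$Guid) {
    # An empty GUID means the ACE is not limited to one property or class.
    if ($Guid -eq [guid]::Empty)    { return '(all)' }
    if ($guidMap.ContainsKey($Guid)) { return $guidMap[$Guid] }
    return $Guid.ToString()
}

# Read the OU's ACL and translate trustees to SIDs, so the match on
# Authenticated Users (well-known SID S-1-5-11) works on localized systems.
$acl   = Get-Acl -Path "AD:\$ouDn"
$rules = $acl.GetAccessRules($true, $true,
             [System.Security.Principal.SecurityIdentifier])

$rules |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-5-11' } |
    Select-Object AccessControlType, ActiveDirectoryRights, IsInherited,
        InheritanceType,
        @{ n = 'AppliesTo';  e = { Resolve-AceGuid $_.ObjectType } },
        @{ n = 'ChildClass'; e = { Resolve-AceGuid $_.InheritedObjectType } } |
    Format-Table -AutoSize
```

Rows with IsInherited set to True come from a parent container or the domain root, so removing them means changing the ACL where they are defined or blocking inheritance on the OU.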

