Re: AD Delegation: Seeking guide to dssec.dat
From: Joe Richards [MVP] (humorexpress@hotmail.com)
Date: 11/02/02
- Next message: Joe Richards [MVP]: "Re: Should I allow my users to add computers to the domain"
- Previous message: Too Hot: "Is this a system event or something more sinister?"
- In reply to: Anne Ford: "Re: AD Delegation: Seeking guide to dssec.dat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Joe Richards [MVP]" <humorexpress@hotmail.com> Date: Sat, 2 Nov 2002 10:36:59 -0500
Ah you are looking for detailed info on what every attribute is then. You
can actually delegate that stuff without doing anything in dssec.dat, that
only makes it so you can see it in some tools. Things like adsiedit.msc and
dsacls.exe can do it anytime irregardless of whether or not dssec.dat even
exists.
That detailed info on what every attribute is for and possible values
doesn't exist.
-- Joe Richards www.joeware.net --- "Anne Ford" <anne.ford@eds.com> wrote in message news:59ff01c27f91$60c8e800$35ef2ecf@TKMSFTNGXA11... > Thanks! I was hoping for something that gave more > information on what displaying the attributes for > delegation would accomplish. For instance, I would not > intuitively know that displaying the Read lockoutTime and > Write lockoutTime attributes will allow me to delegate the > right to unlock locked accounts (Q294952). > > >-----Original Message----- > >What are you looking for outside of what is in > > > >http://support.microsoft.com/default.aspx?scid=kb;en- > us;Q296490 > > > >The overall layout is > > > >[object] > >@=x ; > Default filter value for > >all attributes of the object > >attribute=x ; Filter > value for specific > >attribute of the object > > > > > >7 (111) - Totally filtered, do not display > >2 (010) - Display Read permission > >1 (001) - Display Write permission > >0 (000) - Display Read and Write permission > > > >Basically it is a 3 bit flag. Looks like bit 0 is read > permission, bit 1 is > >write permission, bit 2 is whether to display the > attribute at all. > > > > > > > >-- > >Joe Richards > >www.joeware.net > >--- > > > >"Anne Ford" <anne.ford@eds.com> wrote in message > >news:990301c27936$fc858980$35ef2ecf@TKMSFTNGXA11... > >> Anyone have a good resource/guide that describes the > >> behavior associated with the line entries of % > systemroot% > >> \system32\dssec.dat? (External-facing web Technet > >> returned exactly two hits on the search for dssec.dat > >> under Windows 2000.) Thanks! > > > > > >. > >
- Next message: Joe Richards [MVP]: "Re: Should I allow my users to add computers to the domain"
- Previous message: Too Hot: "Is this a system event or something more sinister?"
- In reply to: Anne Ford: "Re: AD Delegation: Seeking guide to dssec.dat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
