Re: Problems with hiding the Builtin OU

From: Steven L Umbach (sumbach@ameritech.net)
Date: 03/10/03

• Next message: Jason Eldridge: "XCACLS user permissions"
• Previous message: Cesar B: "Network Place"
• In reply to: Christian: "Problems with hiding the Builtin OU"
• Next in thread: Christian: "Re: Problems with hiding the Builtin OU"
• Reply: Christian: "Re: Problems with hiding the Builtin OU"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Steven L Umbach" <sumbach@ameritech.net>
Date: Mon, 10 Mar 2003 16:30:29 GMT

      Try to do what you are doing at the object level - not the container
level. In other words change or remove permissions on the the administrators
group object itself. Also if a group is listed on the security list and has
no "checkmarks" it may still have permissions at the advanced settings. Be
careful using any deny permissions as administrators are also members of the
everyone and users group. Let us know if it works. --- Steve

"Christian" <lets_keep_posts@newsgroups.plz> wrote in message
news:OCfmmow5CHA.2300@TK2MSFTNGP11.phx.gbl...
> Hello,
>
> I want to delegate control and hide some OU's from users who browse the
AD,
> mainly the Builtin OU as it as the members of admin groups and so forth.
>
> By removing the list content attributes for Authenticated Users, the OU is
> invisible but I saw some problems; users are unable to authenticate via a
> firewall because it does not have access to the SAM_USER and SAM_DOMAIN
> object types which are accessed through the Builtin OU. I suspect that by
> rendering the OU invisible other problems could arise.
>
> All my admin accounts (SYSTEM, etc..) have Full Control on the OU.
>
> How can I go around this problem and still prevent users from browsing the
> OU?
>
>
>
>
>
>
>
>

• Next message: Jason Eldridge: "XCACLS user permissions"
• Previous message: Cesar B: "Network Place"
• In reply to: Christian: "Problems with hiding the Builtin OU"
• Next in thread: Christian: "Re: Problems with hiding the Builtin OU"
• Reply: Christian: "Re: Problems with hiding the Builtin OU"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Authenicated Users Query ... Have you tried your test at a time when the test non-domain PC is ... > We have a W2K3 DC which hosts a share (share permissions: ... shouldn't the fact that no users (apart from Administrators) ... shouldn't Authenticated Users only allow users who are logged on ... (microsoft.public.windows.server.security) Authenicated Users Query ... We have a W2K3 DC which hosts a share (share permissions: ... open the share on the server when logged in as a local administrator and see ... shouldn't the fact that no users (apart from Administrators) ... shouldn't Authenticated Users only allow users who are logged on ... (microsoft.public.windows.server.security) Re: Shared permissions vs. security ... Did you have to make the users power users or administrators only after you ... write/modify permissions to a folder if that is what they need to do their ... -- Verify that membership in the administrators group on all computers is ... updates at Windows Updates. ... (microsoft.public.win2000.security) RE: Access Denied when running RSoP ... The launch and activation security descriptor for the COM Server application ... It contains Access Control Entries with permissions that are ... which is a part of the McAfee Common ... > Administrators - Full Control - This namespace and subnamespaces ... (microsoft.public.windows.server.sbs) Re: Open With.. functionality doesnt fully work ... key's permissions are getting munged, ... > Small correction: ... > Ramesh, Microsoft MVP ... >> Administrators ... (microsoft.public.windowsxp.customize)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint