Re: Default Users properties

From: Pat (
Date: 01/31/04

Date: Sat, 31 Jan 2004 12:09:47 -0500

thank you for the response
On Sat, 31 Jan 2004 01:43:23 GMT, "Steven Umbach"
<> wrote:

>They can connect, but can not do much as a regular user. The main thing you can
>do to prevent access to other servers is to disable their ability to use
>Computer Management via Group Policy user configuration/administrative
>templates/Windows components/Microsoft Management Console/restricted&permitted
>snapins. You can also control access to other computers in the domain by using
>ipsec policies and modifying the user rights assignments for access this
>computer from the network and deny access to this computer form the network. Do
>not change those user rights on domain controllers however, or a user may not be
>able to logon to the domain. Be careful when applying Group Policy because if
>you apply it at the domain level it will also apply to administrators unless you
>give them deny permissions to apply in the GPO security policies which is
>referred to as "filtering" policy. --- Steve
>"Pat" <> wrote in message
>> If I create a new user and it is only a member of the domain users, I
>> log on with that user and can connect to a server thru computer
>> management . where would it pick up these rights, i want to remove
>> them.
>> On Fri, 30 Jan 2004 22:01:16 GMT, "Steven L Umbach"
>> <> wrote:
>> >The administrator, domain admins, and enterprise admins have everything but
>> >full control, system has full control, authenticated users has read,
>> >everyone has change password, and if present the pre-2000 group has read.
>> >You can also use the dsacls /s command to reset any object or container back
>> >to default settings as defined in the schema if need be. Be very careful
>> >changing any AD permissions and document/test well as you can prevent users
>> >from changing passwords, prevent administrators from modifying Group Policy,
>> >prevent Group Policy from applying to users, etc. --- Steve
>> >
>> >;en-us;281146
>> >
>> >"Pat" <> wrote in message
>> >
>> >> Running W2K with AD, what are the default Security settings for the
>> >> User folder in AD?
>> >