AD Schema Security
From: SKM (anonymous_at_discussions.microsoft.com)
Date: 02/18/04
- Next message: Philip: "RPC Locator Service"
- Previous message: Ben Askew: "Task Manager won't reveal itself"
- Next in thread: Ozone: "Re: AD Schema Security"
- Reply: Ozone: "Re: AD Schema Security"
- Reply: Roger Abell [MVP]: "Re: AD Schema Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Feb 2004 03:41:07 -0800
Hi all
Is there a "backdoor" or way for an application installation to
programmatically, get elevated privileges to update the AD schema?
Eg. the Schema Admins group is empty and the Schema partition is not set to
be writable, however an end-user attempts to install an application on their
workstation which tries to update the schema as part of the install. To be
able to isntall the app the application is already in an elevated privilege
state. Is there a way to ensure that there is no chance a rogue app
installed by an end-user can update the schema?
I would like to ensure that in this situation, the schema update by the
users application install should FAIL
Thanks
- Next message: Philip: "RPC Locator Service"
- Previous message: Ben Askew: "Task Manager won't reveal itself"
- Next in thread: Ozone: "Re: AD Schema Security"
- Reply: Ozone: "Re: AD Schema Security"
- Reply: Roger Abell [MVP]: "Re: AD Schema Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
