Re: AD Schema Security
From: Ozone (rs_dovers_at_yaho.com)
Date: 02/18/04
- Next message: Steven L Umbach: "Re: Outlook Permissions - W2000"
- Previous message: bewildered2_at_ihatespam.djh: "What have I done and can it be undone?"
- In reply to: SKM: "AD Schema Security"
- Next in thread: Roger Abell [MVP]: "Re: AD Schema Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Feb 2004 11:16:16 -0600
If you are not in the schema admin group, there is no way to get around
updating the schema. If there is a way around it, I am not aware of how to
do it even with a program install. If someone knows of a way please let us
know.
Ozone
"SKM" <anonymous@discussions.microsoft.com> wrote in message
news:6DD25A75-A7E1-46D4-8BAF-D18398BFA114@microsoft.com...
> Hi all
>
> Is there a "backdoor" or way for an application installation to
> programmatically, get elevated privileges to update the AD schema?
>
> Eg. the Schema Admins group is empty and the Schema partition is not set
to
> be writable, however an end-user attempts to install an application on
their
> workstation which tries to update the schema as part of the install. To be
> able to isntall the app the application is already in an elevated
privilege
> state. Is there a way to ensure that there is no chance a rogue app
> installed by an end-user can update the schema?
> I would like to ensure that in this situation, the schema update by the
> users application install should FAIL
>
> Thanks
>
>
>
>
>
>
>
>
- Next message: Steven L Umbach: "Re: Outlook Permissions - W2000"
- Previous message: bewildered2_at_ihatespam.djh: "What have I done and can it be undone?"
- In reply to: SKM: "AD Schema Security"
- Next in thread: Roger Abell [MVP]: "Re: AD Schema Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
