Re: Windows 2003's Delegation control wizard and property sets

From: Guido G (guidoDOTgrillenmeierAThpANOTHERDOTcom)
Date: 12/20/04

Date: Mon, 20 Dec 2004 23:14:42 +0100

You should treat the property sets just like permissions for properties in
the delegwiz.inf file.
It should work when you use the cn of the property set, not the display name (e.g.
"Personal-Information" for the "Personal Information" propset).

Even though they're not treated as Extended Rights (ControlRights) in the
Delegation Wizard, they are defined as an Extended Right in the Config NC,
where you can also see the cn's of the property sets:


"neo [mvp outlook]" <> wrote in message
> I've been reading through the Active Directory delegation whitepaper
> published by Microsoft and one of the recommendations is to try to stick to
> right delegation based on property sets since activating individual
> properties may not be desirable. Unfortunately the paper does not cover
> how to delegate Property Sets via the delegwiz.inf. The paper is very
> that Property Sets are not Extended Rights. So what should the template
> look like if I wanted to delegate the "Public Information" and/or "Web
> Information" property sets?
> Thanks...
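
To look up the cn values the reply refers to, and to see which attributes each property set covers before delegating it, the following added example (not part of the thread) queries the Extended-Rights container in the Configuration NC. It assumes the ActiveDirectory PowerShell module (RSAT) and a session with read access to the forest; the output property names are chosen for illustration.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$configNC = $rootDse.configurationNamingContext
$schemaNC = $rootDse.schemaNamingContext

# Property sets are controlAccessRight objects whose validAccesses is 48
# (read property 0x10 + write property 0x20).
$propertySets = Get-ADObject -SearchBase "CN=Extended-Rights,$configNC" `
    -LDAPFilter '(&(objectClass=controlAccessRight)(validAccesses=48))' `
    -Properties cn, displayName, rightsGuid

foreach ($ps in $propertySets) {
    # attributeSecurityGUID is stored as binary, so escape each byte of the
    # property set's rightsGuid for use in an LDAP filter.
    $bytes   = ([Guid]$ps.rightsGuid).ToByteArray()
    $escaped = ($bytes | ForEach-Object { '\' + $_.ToString('x2') }) -join ''

    # Attributes that belong to this property set carry its GUID.
    $members = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(attributeSecurityGUID=$escaped))" `
        -Properties lDAPDisplayName |
        Sort-Object lDAPDisplayName

    [pscustomobject]@{
        Cn          = $ps.cn            # the name to use, per the reply above
        DisplayName = $ps.displayName   # what the ACL editor shows
        RightsGuid  = $ps.rightsGuid
        Attributes  = ($members.lDAPDisplayName -join ', ')
    }
}
```

Reviewing the Attributes column shows exactly what a delegate can read or write once a property set is granted, which is worth checking before adding it to a template.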