Re: Windows 2003's Delegation control wizard and property sets
From: neo [mvp outlook] (neo_at_online.mvps.org)
Date: 12/22/04
- Next message: Steve Riley [MSFT]: "Re: Password Policy"
- Previous message: Roger Abell [MVP]: "Re: Password Policy"
- In reply to: Guido G: "Re: Windows 2003's Delegation control wizard and property sets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Dec 2004 11:17:18 -0800
Cool... since I'm duplicating the error in 2 different sites I'm curious to
see what u come up with because I am out of ideas.
"Guido G" <guidoDOTgrillenmeierAThpANOTHERDOTcom> wrote in message
news:%23R%23WoLy5EHA.2180@TK2MSFTNGP12.phx.gbl...
> hmm - I'll check this out and give you feedback - likely after X-mas...
>
> /Guido
>
> "neo [mvp outlook]" <neo@online.mvps.org> wrote in message
> news:eiVO5gu5EHA.1188@tk2msftngp13.phx.gbl...
>> I tried the CN and I get a message back of "The templates could not be
>> applied. One or more the templates are not applicable. Click Back and
>> select different templates, and then try again." In case you need to
>> know
>> the platform, I'm working with Windows 2003 (RTM)
>>
>> Just to make sure I understand you right, here is the template.
>>
>> [template161]
>> AppliesToClasses=domainDns,organizationalUnit,container
>> Description = "Personnel - User Management"
>> ObjectTypes = user
>>
>> [template161.user]
>> Web-Information=WP
>> Public-Information=WP
>>
>> "Guido G" <guidoDOTgrillenmeierAThpANOTHERDOTcom> wrote in message
>> news:%23%23t5PFu5EHA.992@TK2MSFTNGP12.phx.gbl...
>> > you should treat the property sets just like permissions for properties
> in
>> > the delegwiz.inf file.
>> > should work when you use the cn of the property, not the display name
>> > (e.g.
>> > "Personal-Information" for the "Personal Information" propset).
>> >
>> > Even though they're not treated as Extended Rights (ControlRights) in
> the
>> > Delegation Wizard, they are defined as an Extended Right in the Config
> NC,
>> > where you can also see the cn's of the property sets:
>> > CN=Extended-Rights,CN=Configuration,DC=YourRoot
>> >
>> > /Guido
>> >
>> > "neo [mvp outlook]" <neo@online.mvps.org> wrote in message
>> > news:OQN%23Uaf5EHA.2664@TK2MSFTNGP10.phx.gbl...
>> >> I've been reading through the Active Directory delegation whitepaper
>> >> published by Microsoft and one of the recommendations is try to stick
> to
>> >> right delegation based on property sets since activating individual
>> >> properties may not be desirable. Unfortunately the paper does not
> cover
>> > is
>> >> how to delegate Property Sets via the delegwiz.inf. The paper is very
>> > clear
>> >> that Property Sets are not Extended Rights. So what should them
> template
>> >> look like if I wanted to delegate the "Public Information" and or "Web
>> >> Information" property sets?
>> >>
>> >> Thanks...
>> >>
>> >>
>> >
>> >
>>
>>
>
>
- Next message: Steve Riley [MSFT]: "Re: Password Policy"
- Previous message: Roger Abell [MVP]: "Re: Password Policy"
- In reply to: Guido G: "Re: Windows 2003's Delegation control wizard and property sets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
