Announcement

Collapse
No announcement yet.

accessing active directory objects

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • accessing active directory objects

    I have been practising on my DC and member server in denying access to certain object types. However it hasnt worked. What i am trying to do is deny access to a specific user or group to user objects.

    I went on the parent object selecte properties went to advanced added a group and in the special access permissions i denied everything to that user or group. However when i log onto another 2000 machine i go into that OU where i placed the permission but the user can still view those objects.

    I can do this at the child level denying read access but that only filters out the object where you have applied that permission and would be time consuming going to each individual child object denying acess.

    Does anyone know of a quicker way of denying an object class?
    Beauty is in the eyes of the beholder

  • #2
    Have you checked that the child objects are inheriting the security permissions ?
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      i know why its not doing it now, as i am running in mixed mode t wont allow filtering of a specific object class, the everyone group that is nested in the pre windows 2000 built in group prevents you from doing this, i had a read about this from a document on the www.nsa.gov site.
      Beauty is in the eyes of the beholder

      Comment


      • #4
        That figures... In mixed mode Everyone group has read access to entire AD.

        Not sure, but you can try removing the Everyone from Pre-Windows2000 group without switching to native mode. (wonder if it will breake anything).
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment

        Working...
        X