Announcement

Collapse
No announcement yet.

How do easily restrict access to view the group membership of domain admins.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do easily restrict access to view the group membership of domain admins.

    Hi.

    For security reasons I want to restrict who can view the group membership in Active Directory of sensitive groups like domain admins, administrators etc.

    When looking at security - advanced for Authenticated Users it was displayed as special, when I looked at all of the rights it looked like a simple case or removing the tick off the "read memberof".. However doing so this create a seperate entry for authenticated users for every applied right... there was loads of them Believe this is as expected..

    Any clues on how I can restrict the visibility easily... Thanks

  • #2
    Re: How do easily restrict access to view the group membership of domain admins.

    Hi,

    This Should solve your problem.
    http://www.microsoft.com/technet/sec...in_groups.mspx

    anyhow, there should be no problem just removing the permissions (deleting the authenticated users group from the permissions list) for the groups you don't want their members to be seen. if you delete the "authenticated users" group, this should do the effect.

    i should warn you though that it could have some wierd side effects...
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert
    MCSA, MCSE, MCT

    Comment

    Working...
    X