Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Default User object security
Default User object security [message #326647] Tue, 24 November 2009 13:35 Go to next message
2010  is currently offline 2010
Messages: 36
Registered: September 2009
Member
Windows 2003 SP2

I am trying to fix a problem where delegation of control is not working
properly to usr OUs. I ca't seem to keep permissions on user account objects
that allow user accounts to be moved between OUs. I think it may be related
to protected account membership on the user objects themselves. ALso the
"inherit permissions from parent" is unchecked on user objects. Certain user
new user objects work fine and are inheriting. What are the default security
to use on user objects so that i can remvoe membership from protected groups
and how should I allow inherit permissions from OU container so i can delgate
permisions.?
Re: Default User object security [message #326711 is a reply to message #326647] Tue, 24 November 2009 14:45 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello 2010,

Please describe in detail what you have configured in delegate control, so
we can reproduce your problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Windows 2003 SP2
>
> I am trying to fix a problem where delegation of control is not
> working properly to usr OUs. I ca't seem to keep permissions on user
> account objects that allow user accounts to be moved between OUs. I
> think it may be related to protected account membership on the user
> objects themselves. ALso the "inherit permissions from parent" is
> unchecked on user objects. Certain user new user objects work fine
> and are inheriting. What are the default security to use on user
> objects so that i can remvoe membership from protected groups and how
> should I allow inherit permissions from OU container so i can delgate
> permisions.?
>
Re: Default User object security [message #327219 is a reply to message #326647] Wed, 25 November 2009 06:19 Go to previous message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Sounds like you understand that protected groups are causing the inherit
flag to be unchecked.
http://technet.microsoft.com/en-us/magazine/2009.09.sdadminh older.aspx

What you haven't defined is what you want the users who are in protected
groups to be able to do once they have been removed from these groups. It
really is not possible to tell you what the specific permissions a protected
group has. Just define what you need users to be able to do and I believe
the folks monitoing this NewsGroup will be able to guide you through it.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"2010" <2010@discussions.microsoft.com> wrote in message
news:80E4E1BB-AED5-468A-8931-B7DF07252FBA@microsoft.com...
> Windows 2003 SP2
>
> I am trying to fix a problem where delegation of control is not working
> properly to usr OUs. I ca't seem to keep permissions on user account
> objects
> that allow user accounts to be moved between OUs. I think it may be
> related
> to protected account membership on the user objects themselves. ALso the
> "inherit permissions from parent" is unchecked on user objects. Certain
> user
> new user objects work fine and are inheriting. What are the default
> security
> to use on user objects so that i can remvoe membership from protected
> groups
> and how should I allow inherit permissions from OU container so i can
> delgate
> permisions.?
Previous Topic:DSGET not working on Windows 7!!
Next Topic:How does AD Users and Computers tool recognize a user?
Goto Forum:
  


Current Time: Wed Jan 17 05:35:13 MST 2018

Total time taken to generate the page: 0.03886 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software