Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Users allow inheritable permissions check box
Users allow inheritable permissions check box [message #421127] Sun, 28 March 2010 07:31 Go to next message
jas0n  is currently offline jas0n  United Kingdom
Messages: 10
Registered: August 2009
Junior Member
Windows 2003 native domain

Since moving to Exchange 2007, some users have a problem accessing Outlook
Web Access, an error page is shown indicating a security problem within AD.

These user accounts, when checked, have the 'Allow inheritable permissions'
check box unticked. This is found from properties of the user, security tab,
advanced, a check box for 'Allow inheritable permissions'.

Enabling inheritance resolves the problem but there doesn't seem to be any
pattern as to which users have this unchecked. So far, only 5 out of 1000
have been reported and I'd like to resolve the issue for all user accounts.

Initially, I would like to identify all user accounts which have the
inheritance check box unticked, how would we achieve this without opening
each user account manually ?
Re: Users allow inheritable permissions check box [message #421409 is a reply to message #421127] Sun, 28 March 2010 17:54 Go to previous message
Andrei Ungureanu  is currently offline Andrei Ungureanu  Romania
Messages: 82
Registered: July 2009
Member
It can be done using a vbscript. I have an example here
http://www.winadmin.ro/2009/11/24/cum-verificam-bifa-allow-i nheritable-permissions-in-active-directory/
All the text is in Romanian but I hope I will have time to translate it in
English soon. Try the script in a test environment and correct any errors
that will appear during copy/paste.

Andrei
www.winadmins.net


"B0b" <no@thank.you> wrote in message
news:#TKl3mnzKHA.928@TK2MSFTNGP05.phx.gbl...
> Windows 2003 native domain
>
> Since moving to Exchange 2007, some users have a problem accessing Outlook
> Web Access, an error page is shown indicating a security problem within
> AD.
>
> These user accounts, when checked, have the 'Allow inheritable
> permissions' check box unticked. This is found from properties of the
> user, security tab, advanced, a check box for 'Allow inheritable
> permissions'.
>
> Enabling inheritance resolves the problem but there doesn't seem to be any
> pattern as to which users have this unchecked. So far, only 5 out of 1000
> have been reported and I'd like to resolve the issue for all user
> accounts.
>
> Initially, I would like to identify all user accounts which have the
> inheritance check box unticked, how would we achieve this without opening
> each user account manually ?
>
>
Previous Topic:Starter GPOs
Next Topic:Creating New Infrastructure
Goto Forum:
  


Current Time: Tue Jan 23 16:38:50 MST 2018

Total time taken to generate the page: 0.05748 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software