I have an U (call it UX) that contains a bunch of
Us, which contain users. I want to hide the U so
that only administrators and members of one specific
group can see it if they browse the directory (say
with Windows 2000, or LDP).
I also want any new Us or other objects that I create
under UX to get the same treatment. I don't care if
others can see UX itself.
I know that Authenticated Users gets lots of read
permissions on new objects from the default security
descriptors (these have not been changed). This
domain also has Everyone still in the Pre-Windows 2000
Compatible Access group, because nobody has taken time
to figure out if it can be removed without screwing
anything up. The domain is W2K native with some W2K3
DCs and no clients below NT4 SP4.
I figured out a way to do most of this, but I was
hoping the experts here could tell me how they would
approach the issue. My solution ended up blocking
inheritance and removing the read permission for each
U manually
Thanks!
Start your day with Yahoo! - make it your home page