How to deny a read access to an object's attribute in AD

  • Thread starter =?ISO-8859-2?Q?Ji=F8=ED_Jany=B9ka?=
  • Start date
?

=?ISO-8859-2?Q?Ji=F8=ED_Jany=B9ka?=

Hi,

We're going to use the "Otherpager" attribute of User objects in our
Active Directory for storing an information, that shouldn't be available
for reading to most users (only Admins should have read/write access).
By default it is available to everyone like other attributes are.
I'd like to know, if the following method is correct, eventually if
there is a simpler way...

AD Users&Computers

- right-click on our domain name, Properties
- Security card
- Advanced button

- in the table of permissions select "Allow | Everyone | Read All
Properties ..."
- Edit button
- Properties card
- select Apply onto "User objects"
- uncheck "Allow" checkbox for "Read Pager Number(Others)"
- check the "Apply these permissions to objects and/or containers within
this container only" checkbox (needed ?)
- confirm OK a few times

- repeat the same steps for "Allow | Authenticated Users | Special ..."
(needed ?)


All permissions are still intact, I don't have any "test environment"
here and I'm a bit afraid of screwing up something... ;-)


Thanx for any comments !
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to prevent user to see default AD containers? 1
inheretance is broken - sdprop adminsdholder, builtin container an 0
NTFS Permissions - Sub-Folders 4
Read Only attribute unremovable ?? 1
Access to AD by others / Delegating 1
AD does changes undone after a while 3
How can I use icacls to acheive the same deny results as with the 1
How to set partition root security? 2

Top