Prevent Domain Users from Browsing Active Directory OUs

E

Ehab

Hi
Is there anyway to to prevent domain users from viewing and browsing
active directory icon located in My network places.

by default all domain users can access it and see all the OUs and
users in active directory.

please help me.
 
D

Dmitry Korolyov [MVP]

If you want to restrict users from browsing, then you will have to remove
their Read and List Contents permission to appropriate OUs. However, you can
just remove the "Directory" folder from my network places using the
following GPO setting:

User Configuration\Administrative Templates\Desktop\Active Directory, "Hide
active directory folder"

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Active Directory


Hi
Is there anyway to to prevent domain users from viewing and browsing
active directory icon located in My network places.

by default all domain users can access it and see all the OUs and
users in active directory.

please help me.
 
J

Jerold Schulman

Hi
Is there anyway to to prevent domain users from viewing and browsing
active directory icon located in My network places.

by default all domain users can access it and see all the OUs and
users in active directory.

please help me.
Click to expand...

The Hide Active Directory folder policy (User
Configuration\AdministrativeTemplates\Desktop\Active Directory) hides the Active
Directory folder in My Network Places
See tip 3275 in the 'Tips & Tricks' at http://www.jsiinc.com


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
G

Guest

Hi Dimka :

----- Dmitry Korolyov [MVP] wrote: ----

If you want to restrict users from browsing, then you will have to remov
their Read and List Contents permission to appropriate OUs. However, you ca
just remove the "Directory" folder from my network places using th
following GPO setting

User Configuration\Administrative Templates\Desktop\Active Directory, "Hid
active directory folder

--
Dmitry Korolyov [[email protected]
MVP: Windows Server - Active Director


H
Is there anyway to to prevent domain users from viewing and browsin
active directory icon located in My network places

by default all domain users can access it and see all the OUs an
users in active directory

please help me
 
E

Ehab

the whole thing is because i work in a university and i dont want
students to have access to computer names and user accounts for staff
and etc....
it can cause many problems if misused.

the questions is: is removing the read access from all OU's including
the container of the users. is this going to affect in anythig
like authentication, password reset, connectivity with domain, LDAP
requests. etc.....

i am afraid it would stop some domain services from be provided to
domain users if they dont have read access to the location of their
accounts..

Thanks and Regards,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Prevent Domain Users from Browsing Active Directory OUs 2
Prevent some Domain Admin Account from creating USERS, Groups, OUs 2
PLEASE HELP ME.... 1
Migrating from multiple child domain environment to single domain with OUs. What's correct method? 5
Child Domain 7
Domain Migration Questions 2
Sharing Permission 2
Browsing Active Directory from the Client! How? 5

Top