G
Guest
I am having problem with security propagating down from top level OU's.
For example, I removed some groups that had way too much access from the
root of the domain (poor design that I am taking over and trying to clean
up). I then added the proper security at the OU level.
For example Help Desk being able to add/delete computers at the root plus
almost full control.
Added Helpdesk add/delete on the Computers OU
I made sure Inheritance was turned on all the way to the bottom of the OU
structure
I take a look at the OU under computers (Laptops for example), it still has
the old security (almost full control). I take a look at the computer objects
and they have the almost full control granted to helpdesk also. When I move a
computer directly under the Computers OU, it also retains the almost full
control granted to the Helpdesk.
I need to force propagation for the new security I put in place, but do not
want to have to go object by object to do so.
#1 How do I force the Propagation to take place
#2 Why would it have not propagated in the first place
I know for a fact that the computer Objects were not manually set, that they
had to be inherrited because there is no way in hell that someone manually
set the security on 400+ computers.
Oh, and this problem exists across the entire AD structure. Its not just
limited to the Computers OU or computer objects. Thanks
For example, I removed some groups that had way too much access from the
root of the domain (poor design that I am taking over and trying to clean
up). I then added the proper security at the OU level.
For example Help Desk being able to add/delete computers at the root plus
almost full control.
Added Helpdesk add/delete on the Computers OU
I made sure Inheritance was turned on all the way to the bottom of the OU
structure
I take a look at the OU under computers (Laptops for example), it still has
the old security (almost full control). I take a look at the computer objects
and they have the almost full control granted to helpdesk also. When I move a
computer directly under the Computers OU, it also retains the almost full
control granted to the Helpdesk.
I need to force propagation for the new security I put in place, but do not
want to have to go object by object to do so.
#1 How do I force the Propagation to take place
#2 Why would it have not propagated in the first place
I know for a fact that the computer Objects were not manually set, that they
had to be inherrited because there is no way in hell that someone manually
set the security on 400+ computers.
Oh, and this problem exists across the entire AD structure. Its not just
limited to the Computers OU or computer objects. Thanks