View whole AD with adminpak.msi

G

Guest

How I could restrict after a normal domain user installed "adminpak.msi" to his workstation and run "Active Directory Management" to have casual view of all AD contents?

I have tried to apply Local Group Policy (user configuration/administrative templates/destop/active directory - hide active directory folder) which still not work to restrict this normal users to see AD contents? This normal users could be able to run "Group Policy Management" to check the loopholes on what he could bypass them?

It is because the AD contents are very sensitive including personal information and also related company policies to special group of people.
 
J

Joe Richards [MVP]

You can't stop people from looking at AD unless you secure AD itself. This can
be fun because you can quickly break things. The thing is that adminpak is just
one of many many tools for looking at AD so trying to block those tools, it
pretty unhelpful if the people truly want to get in. GPOs are especally fun
because you can simply open the gpo text files in sysvol and look directly at
them if you want. They have to be readable to the user or else the user can't
apply them.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to disable the use of adminpak.msi? 4
Creating view problem 2
Looking to disable AD HOC option 3
Looking for a way to disable ad hoc option from wirless in 1
user and administrator policies 2
EFS Auto enroll 0
Password Protecting/Hiding Files & Folders on Windows 2003 server??? 5
AD administrating 2

Top