Active Directory Security Settings

G

Guest

I have a slight problem with some rights in Active Directory it appears that
all of the basic users inheart all of there permissions from parent level's
but the administrators do not, the box is unchecked where it says inhert
rights from parent.

No matter when i do when i check the box it eventualy unchecks it self. I
have checked all of the rights at the root level nothing seems to be out of
line.

Another issue is on the basic users is that the authenticated users right
does not have read access to basic account objects. So trusted domains are
not able to see the basic accounts in the domain.

When i look at the rights that are passed down from the parent level it says
that authenticated users have read rights, and the basic users are inheriting
these rights so it should stay check at the user level but its not.

Can anyone point me in the right direction ?

Thanks
~BB
 
G

Guest

Brian,

Hope you are doing good.
Regarding the issue below.

Folders, files that are created under the parent domain get the rights that
are assigned to the parent inheritted to the child folders.

But when you change the permission settings of any folder, then you will
have to set the other folders too with the different permissions.

Hence it is not getting inheritted.

Incase if someone has a better answer, please let him know.

Regards,
(e-mail address removed)
 
G

Guest

I figured out this issue, by default Domain Admins Group does not inherit
rights from parent container.

Also permissions were changed for each container by our security group to
prohibit changes to make it down to the user level by selecting permission
only apply to container, not the objects in the container.
 
A

Anthony Yates

Since SP4, ACLs are not inherited by groups that have greater rights in the
domain than the group being inherited. A user with lower rights can not
inherit control of an account with greater rights.
For example, suppose you delegate Full Control of an OU to the Helpdesk. In
the OU you have an account that is a member of Domain Administrators. If the
permissions were inherited, the Helpdesk could reset the password of the
domain administrator and obtain domain admin rights. Therefore the
inheritance is filtered, and any conflicting inheritance removed.
Rights that are filtered out are not reapplied if you move OU,
Anthony
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Active directory home folder connection issues. 3
Setting directory permissions 2
verified users in root of active directory 2
Home Folder Security Settings Question 1
How do I delegate extended rights? 9
Active Directory Security Specificity 1
Active Directory Setup & Administration 3
HELP - specifying ability to add a workstation to a domain. 1

Top