Information Technology Reference
In-Depth Information
•
Security
—Used to view and modify an object's permissions.
•
Attribute Editor
—Used to view and edit an object's attributes, many of which aren't avail-
able in standard Properties dialog boxes.
For now, you're most interested in the Security tab of an OU's Properties dialog box (see
Figure 4-4). The top section lists all accounts (user, group, and computer) that have an ACE in
the DACL. The bottom section lists the permission settings for each ACE. In Figure 4-4, Joe
Tech1's ACE is selected, and the bottom section shows Allow Special permissions for his per-
mission settings. To view details for this permission, click the Advanced button.
4
Figure 4-4
The Security tab of an OU's Properties dialog box
Activity 4-3: Viewing Object Permissions
Time Required:
15 minutes
Objective:
Explore the Advanced Features option in Active Directory Users and Computers.
Description:
You have just delegated control of the Marketing OU to one of your technicians and
are curious to see how the OU's DACL has changed. To view the settings, you need to enable the
Advanced Features option in Active Directory Users and Computers.
1. If necessary, log on to your server as Administrator, and open Active Directory Users and
Computers.
2. Right-click the
Marketing
OU and click
Properties
. Note the three tabs: General, Managed
By, and COM+. Click
Cancel
.
3. Click
View
,
Advanced Features
from the menu, and verify that Advanced Features is selected
with a check mark. The display changes to include four new folders: LostAndFound,
Program Data, System, and NTDS Quotas.
4. Right-click the
Marketing
OU and click
Properties
. Note the three additional tabs: Object,
Security, and Attribute Editor.
5. Click the
Object
tab. The information displayed is useful in troubleshooting. In addition,
when the Protect object from accidental deletion check box is selected, the object can't be
deleted unless permissions are changed manually.
Search WWH ::
Custom Search