6. Click the Create a custom task to delegate option button, and then click Next.
7. Click the This folder, existing objects in this folder, and creation of new objects in this folder option button, and then click Next.
8. Click the Full Control check box in the Permissions list box. Click Next, and then click Finish.
9. Right-click TestOU1 and click Properties. Click the Security tab, and then click the Jr Admin ACE. Verify that the Full control check box in the Allow column is selected.
10. Click the Advanced button. Click the Effective Permissions tab, and then click the Select button.
11. Type jradmin, and then click OK. The effective permissions for jradmin are less than Full control because the Everyone group has a Deny Delete permission for this OU. The Deny Delete permission is added to every new OU by default and can be removed by clearing the Protect object from accidental deletion check box in the Object tab. Click OK twice.
12. Log off and log on as jradmin. Open Active Directory Users and Computers. If you see the UAC prompt to enter your password, enter Password01, and then click OK.
13. Create an OU named TestOU1-L2 under TestOU1 and an OU named TestOU1-L3 under TestOU1-L2 so that the OU structure looks like Figure 4-8.
Figure 4-8 The Test OU structure (TestOU1 contains TestOU1-L2, which contains TestOU1-L3)
14. In the TestOU1 container, create a user named jrtest1. Create a global security group called jrgroup1 in TestOU1, and add jrtest1 as a member of this group.
15. Click View, Advanced Features from the menu. Right-click TestOU1-L2 and click Properties.
16. Click the Security tab, and then click the Advanced button. In the Advanced Security Settings dialog box, click the Owner tab. Note that jradmin is the owner of this OU because the jradmin user created the OU. Click OK.
17. Click the Add button. Type jrgroup1, and then click OK. By default, the ACE for jrgroup1 has the Allow Read permission.
18. Click jrgroup1 in the Group or user names list box, and then click the Write and Create all child objects check boxes in the Allow column. Click to clear the Read check box in the Allow column, and then click Apply.
19. Click the Advanced button, and then click the Effective Permissions tab. Click the Select button, type jrtest1, and then click OK. In the Effective permissions list box, note that jrtest1 gets the Write and Create objects permissions because jrtest1 is a member of jrgroup1. As a member of the special group Authenticated Users (discussed in Chapter 5), jrtest1 also gets the Read permission. Click OK.
20. Click the Add button. Type jrtest1, and then click OK.
21. Click jrtest1 in the Group or user names list box, and then click the Write check box in the Deny column. Click to clear the Read check box in the Allow column, and then click Apply.
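
The owner, the accidental-deletion protection, and the explicit Allow and Deny ACEs that these steps set can also be reviewed from PowerShell. The script below is an added example, not part of the original exercise; it assumes the RSAT ActiveDirectory module is installed, uses a placeholder domain DN (DC=example,DC=local), and the function name Get-OuAclReport is hypothetical.

```powershell
# Added example: audit the ACLs built in this exercise.
# Assumptions: RSAT ActiveDirectory module; $DomainDn is a placeholder.
Import-Module ActiveDirectory

$DomainDn = 'DC=example,DC=local'   # placeholder: replace with your domain DN
$OuDns = @(
    "OU=TestOU1,$DomainDn",
    "OU=TestOU1-L2,OU=TestOU1,$DomainDn"
)
$FullControl = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

function Get-OuAclReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $ou  = Get-ADOrganizationalUnit -Identity $DistinguishedName `
               -Properties ProtectedFromAccidentalDeletion
    $acl = Get-Acl -Path "AD:\$DistinguishedName"

    [pscustomobject]@{
        OU        = $ou.Name
        Owner     = $acl.Owner                          # step 16: creator owns the OU
        Protected = $ou.ProtectedFromAccidentalDeletion # step 11: source of Deny Delete
        Aces      = $acl.Access |
            Where-Object { -not $_.IsInherited } |      # explicit ACEs only
            Sort-Object AccessControlType -Descending | # Deny listed before Allow
            Select-Object IdentityReference, AccessControlType,
                          ActiveDirectoryRights, InheritanceType
    }
}

foreach ($dn in $OuDns) {
    $report = Get-OuAclReport -DistinguishedName $dn
    Write-Host ("{0}: owner={1}, protected={2}" -f `
        $report.OU, $report.Owner, $report.Protected)
    $report.Aces | Format-Table -AutoSize | Out-String | Write-Host

    foreach ($ace in $report.Aces) {
        if ($ace.AccessControlType -eq 'Deny') {
            # A Deny ACE is why Effective Permissions shows less than the Allow ACEs
            Write-Warning ("Deny on {0}: {1} -> {2}" -f `
                $report.OU, $ace.IdentityReference, $ace.ActiveDirectoryRights)
        }
        elseif ($ace.ActiveDirectoryRights.HasFlag($FullControl)) {
            # Full Control delegations (step 8) deserve periodic review
            Write-Warning ("Full Control on {0}: {1}" -f `
                $report.OU, $ace.IdentityReference)
        }
    }
}
```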