1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Prevent users viewing Active Directory

Discussion in 'Active Directory Exams' started by Jellyman_4eva, Sep 21, 2006.

  1. Jellyman_4eva

    Jellyman_4eva Byte Poster

    213
    4
    34
    Hi all,

    After a bit of a break I am back in the cert hunt starting with 70-290..

    I am getting through it all quite well but have a general question...

    How can I prevent domain authenticated users and everyone from using the Active Directory Users and Computers snap in and viewing the Active Directory.. I have toyed with this very briefly by doing such things as assigning users and groups the deny read permission on the OU or object...

    I am only doing this in VMWare so its not a production environment but I am curious as to if/how this is done... I am worried I may use a permission which could bugger it all up!!
     
    Certifications: MCDST, MCITP-EDST/EDA/EA/SA/ MCSA 2K3/2K8, MCSE+M 2K3/2K8, ISA/TMG, VCP3/4, CCNA, Exchange, SQL, Citrix, A+, N+, L+, Sec+, Ser+, JNCIA-SSL, JNCIS-SSL
    WIP: Lots
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    That snap in is not there by default, it's only available when you install the admin pack *adminpak.msi*
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. Jellyman_4eva

    Jellyman_4eva Byte Poster

    213
    4
    34
    Thats a good point...

    But say if they do have it installed for whatever reason... this is just a theoretical security question!
     
    Certifications: MCDST, MCITP-EDST/EDA/EA/SA/ MCSA 2K3/2K8, MCSE+M 2K3/2K8, ISA/TMG, VCP3/4, CCNA, Exchange, SQL, Citrix, A+, N+, L+, Sec+, Ser+, JNCIA-SSL, JNCIS-SSL
    WIP: Lots
  4. rockstar6181

    rockstar6181 Byte Poster

    101
    1
    22
    you can add a software restriction policey and add the path to the program for example C:\system32\ etc etc

    If someone has copied the file to another location so that path is not valid in the example then you could set a new hash rule

    All above done via gp
     
    Certifications: A/N+ MCSA 2003

Share This Page

Loading...