Recipe 14.7 Viewing the ACL for an Object

14.7.1 Problem

You want to view the ACL for an object.

14.7.2 Solution

14.7.2.1 Using a graphical user interface
  1. Open the ACL Editor. You can do this by viewing the properties of an object (right-click on the object and select Properties) with a tool, such as Active Directory Users and Computers (ADUC) or ADSI Edit. Select the Security tab. To see the Security tab with ADUC, you must select View Advanced Features from the menu.

  2. Click the Advanced button to view a list of the individual ACEs.

14.7.2.2 Using a command-line interface
> dsacls <ObjectDN>
14.7.2.3 Using VBScript

Unfortunately, the code to view the ACEs in an ACL is quite messy and long. This will be included as part of the code on the web site for the book (http://www.oreilly.com/catalog/activedckbk/).

14.7.3 Discussion

Viewing an object's ACL is a common task and should already be familiar to most administrators. The ACL editor is useful for checking the permissions that have been set on objects, especially after running the Delegation of Control Wizard. In addition to viewing permissions, the options available in the GUI include, viewing Auditing settings and the Owner of the object. Knowing the owner of and object is important because ownership confers certain inherent rights.

Because the ACL Editor is the same for NTFS permissions and properties as it is for Active Directory objects, you should feel comfortable with the look and feel of the interface it is exactly the same as File and Folder permissions. I also highly recommend getting familiar with the Advanced View of the ACL Editor, as this is truly the view in which you can determine what is going on with permissions. The Basic view presents a list of security principals that have permissions configured, but it will not always show every ACE entry. The Advanced view will show the complete picture including the scope of permissions for ACEs down to the object and even attribute level.

14.7.4 See Also

Recipe 14.10 for changing an ACL and Recipe 15.12 for auditing of object access



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net