Setting Advanced Active Directory Permissions


As you know from previous discussions, user , group , and computer accounts are represented in Active Directory as objects. Active Directory objects have standard and advanced security permissions. These permissions grant or deny access to the objects. You can view advanced security permissions for objects by completing the following steps:

  1. Start Active Directory Users And Computers, and then display advanced options by selecting Advanced Features from the View menu. Next, right-click the user, group, or computer account you want to work with.

  2. Select Properties from the shortcut menu, and then click the Security tab in the Properties dialog box.

  3. Select the user, computer, or group whose permissions you want to view in the Name list box. If the permissions are dimmed, it means the permissions are inherited from a parent object.

Understanding Advanced User, Group, and Computer Permissions

Advanced permissions for Active Directory objects aren't as straightforward as other permissions. Different types of objects can have sets of permissions that are specific to the type of object. They can also have general permissions that are specific to the container they're defined in.

To set advanced permissions for Active Directory objects, follow these steps:

  1. Start Active Directory Users And Computers and then right-click the user, group, or computer account you want to work with.

    Caution

    Only those administrators with a solid understanding of Active Directory and Active Directory permissions should manipulate advanced object permissions. Incorrectly setting advanced object permissions can cause problems that are very difficult to track down.


  2. Select Properties from the shortcut menu, and then click the Security tab in the Properties dialog box as shown in Figure 10-12.

    Figure 10-12. Use the Security tab to configure object permissions.

    graphics/f10ap12.jpg

  3. Users or groups with access permissions are listed in the Name list box. You can change permissions for these users and groups by doing the following:

    • Select the user or group you want to change.

    • Use the Permissions list box to grant or deny access permissions.

    • Inherited permissions are dimmed. Override inherited permissions by selecting the opposite permissions.

  4. To set access permissions for additional users, computers, or groups, click the Add button. Then use the Select Users, Computers, Or Groups to add users, computers, or groups.

  5. Select the user, computer, or group you want to configure in the Name list box, click Add, and then OK. Then use the fields in the Permissions area to allow or deny permissions. Repeat for other users, computers, or groups.

  6. Click OK when you're finished.



Microsoft Windows Server 2003 Administrator[ap]s Pocket Consultant
Microsoft Windows Server 2003 Administrator[ap]s Pocket Consultant
ISBN: 735622450
EAN: N/A
Year: 2003
Pages: 141

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net