We've just begun to populate part of the AD with an ID Number that was previously kept in a separate database. We've noticed that anyone (particularly guest) can "read" attributes using ADSIedit. It appears that the default permissions on objects are to allow authenticated users to read.
We would like to change this so that only certain groups, can read that type of information. We've done some experimenting with changing that default permission. Has anyone else done this? Any problems or tips ? Thanks! Arron _________________________________________________ Arron King Network & Systems Administrator Ohio Dominican College voice - 614.251.4515 fax - 614.252.2650 [EMAIL PROTECTED] http:\\www.odc.edu\~kinga List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
