Are you talking about blocking the ADU&C MMC? If so, that's a GPO that prevents the use of MMC's or that specific MMC from initiating.
FWIW, you aren't buying much by keeping them from opening any one particular app for reading purposes. The idea of an LDAP directory is the ability to read things really fast. Your users have almost limitless avenues to read the directory, i.e. scripts (easily downloaded), applications(LDP for example), etc. If your permissions are appropriate, is there harm in them reading the directory that's worth the overhead of blocking one particular tool? Al -----Original Message----- From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 1:35 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Don't want users to view Directory Info OK, so I thought there as a GPO that I could set so that a "domain user" could not just open up ADUC and look at everything. Am I just blind, or is there something else I have to do? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
