agreed, blocking the tools won't help bit - the users will already get quite far simply by using the built-in "Find People" feature (with "Look in" set to Active Directory) and there are many other powerful LDAP browsers for easy download. With Win2k clients you could also easily "browse" through the Network Neighboorhood - can't get much simpler.
So it really comes down to restricting read-access on the OUs you don't want everyone to browse through (but you need to know what you're doing...) /Guido -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 7. Januar 2004 21:04 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Don't want users to view Directory Info Are you talking about blocking the ADU&C MMC? If so, that's a GPO that prevents the use of MMC's or that specific MMC from initiating. FWIW, you aren't buying much by keeping them from opening any one particular app for reading purposes. The idea of an LDAP directory is the ability to read things really fast. Your users have almost limitless avenues to read the directory, i.e. scripts (easily downloaded), applications(LDP for example), etc. If your permissions are appropriate, is there harm in them reading the directory that's worth the overhead of blocking one particular tool? Al -----Original Message----- From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 1:35 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Don't want users to view Directory Info OK, so I thought there as a GPO that I could set so that a "domain user" could not just open up ADUC and look at everything. Am I just blind, or is there something else I have to do? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
