A stricter organization probably wouldn't allow ADUC and native rights to the directory at all. They would require requests to go through a provisioning system so that it could be properly logged and business rules applied.
If this is about security and you perceive less security because the tools are there. Your security shouldn't be based on the existence or absence of these tools, it should be on permissioning, etc. There are other methods of getting to the info displayed by these tools. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Seet Sent: Wednesday, October 13, 2004 3:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Install only "Active Directory Users and Computers" snap-in But would this be the standard practice for stricter organisations? Of course it ain't a big problem for me in reality since the customer's environment is a small one, but I'd like know how corporate domain/forest admins handle this. thanks, Aaron -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Wednesday, 13 October 2004 13:04 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Install only "Active Directory Users and Computers" snap-in Aaron- There is likely a dll which you need to regsvr32 and then the msc. I have no idea what the dll is, perhaps there's a dsa.dll to go with dsa.msc. I'd just install the MSI - if they don't have rights, it's not gonna do any harm. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
