It seems Sakari's dream has come true. The SP1 docs cover this. http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/ov erview.mspx Look at 02_accessenum.doc
AD you could have done this before though (if I understand the ask correctly) by removing list_contents from the parent, giving explicit perms to the child and enabling list object mode with the appropriate mod. For AD, this is old news. ~Eric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Sent: Wednesday, February 09, 2005 6:19 AM To: [email protected] Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Isn't that what Access-based Directory Enumeration do? This feature is not enabled by default in SP1, though. I haven't tried the feature yet so I can't verify it. Regards, /Jimmy ------------------------------------- Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services ---------- www.qadvice.com ---------- ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Wednesday, February 09, 2005 12:17 PM To: [email protected] Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor It's been my dream over ten years that NTFS would get similar permission feature to what has been in NetWare all these years. When a user has permissions to a given subfolder, it's almost always most logical that this subfolder (automatically or implicitly up to the root) would become visible to her. And vice versa, when she has no permissions to a subfolder, it would be logical that this subfolder is invisible to her. And it has been my dream for six years that the same would apply to AD, as has always been with NDS. While we are on the subject, another extremely handy feature of NDS would be most welcome in AD. That is, each OU would be a sec prin, so if you want to grant permissions to all people in the Sales OU, you wouldn't have to create a paraller sec group for that. Yours, Sakari ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Wednesday, February 09, 2005 10:18 AM To: [email protected] Subject: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Hi, clipclipclip Regards, Jorge PS.: I'm glad MS is going toward the permissions structure (with W2K3 SP1) like Novell has. It is still not perfect, but it's a begin. AND maybe some day (Windows 2011?) will be able to configure file system permissions through AD like that is possible with the NDS. The possibility of configuring permissions for the file system through GPOs is a nice feature but far from perfect. Also any thoughts on this are welcome. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
