Excellent thanks ~Eric... This looks to be a good document.

However, anyone else think this info on confidential attributes is a bit weak in the documentation?

Improved security to protect confidential attributes
To prevent Read access to confidential attributes, such as a Social Security number, while allowing Read access to other object attributes, you can designate specific attributes as confidential by setting a search flag on the respective attributeSchema object. By default, only domain administrators have Read access to confidential attributes, but this access can be delegated. For more information about access to attributes, see "How Security Descriptors and Access Control Lists Work" on the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=45972.

The link takes you to a document from March 28, 2003 which I highly doubt has more info about confidential attributes. This is something that actually requires you to make changes to use, not like saying hey we also keep SID Histories in the tombstone objects now which doesn't take any action on the part of the admins....

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Monday, May 09, 2005 12:22 AM
To: [email protected]
Subject: [ActiveDir] Who was asking for a list of SP1 changes? I think it was this DL......

I didn’t read it for completeness, but spot checked, and many are there. Though certainly not every one I’m sure.
~Eric
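
Added example, not part of either message or of the documentation quoted in the reply: the search flag that excerpt refers to is bit 128 (0x80) of searchFlags on the attributeSchema object, and base-schema attributes (systemFlags bit 16) cannot be marked confidential. This script audits a schema export for both conditions; the LDIF sample, DNs and attribute names are constructed, and the parser assumes single-valued lines with no folding or base64.

```python
CONFIDENTIAL = 0x80   # searchFlags bit: attribute is confidential
BASE_SCHEMA = 0x10    # systemFlags bit: attribute belongs to the base schema

# Constructed sample export; every DN and attribute name here is invented.
SAMPLE_LDIF = """\
dn: CN=Example-SSN,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleSSN
searchFlags: 128

dn: CN=Example-Badge,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleBadge
searchFlags: 1

dn: CN=Example-Pin,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: examplePin
searchFlags: 129

dn: CN=Example-Base-Attr,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleBaseAttr
searchFlags: 0
systemFlags: 16
"""

def parse_ldif(text):
    """Split a simple LDIF export into one dict per entry (keys lower-cased)."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip().lower()] = value.strip()
        if rec:
            records.append(rec)
    return records

def audit(records):
    """Map each attribute's lDAPDisplayName to its confidentiality status."""
    report = {}
    for rec in records:
        if rec.get("objectclass", "").lower() != "attributeschema":
            continue
        search = int(rec.get("searchflags", "0"))
        system = int(rec.get("systemflags", "0"))
        if search & CONFIDENTIAL:
            status = "confidential"
        elif system & BASE_SCHEMA:
            status = "base schema: cannot be marked confidential"
        else:
            status = "not confidential"
        report[rec["ldapdisplayname"]] = status
    return report

if __name__ == "__main__":
    for name, status in audit(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{name}: {status}")
```

Note that examplePin (129) is both indexed and confidential: the flag is a bit mask, so test the 0x80 bit rather than comparing the whole value to 128.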
