I agree. The confidential attributes feature is interesting but requires better documentation. One important piece of information to note: You cannot mark base Schema objects confidential.
Arden

On 5/9/05, joe <[EMAIL PROTECTED]> wrote:
> Excellent thanks ~Eric... This looks to be a good document.
>
> However, anyone else think this info on confidential attributes is a bit
> weak in the documentation
>
> Improved security to protect confidential attributes
>
> To prevent Read access to confidential attributes, such as a Social Security
> number, while allowing Read access to other object attributes, you can
> designate specific attributes as confidential by setting a search flag on
> the respective attributeSchema object. By default, only domain
> administrators have Read access to confidential attributes, but this access
> can be delegated. For more information about access to attributes, see "How
> Security Descriptors and Access Control Lists Work" on the Microsoft Web
> site at http://go.microsoft.com/fwlink/?LinkId=45972.
>
> The link takes you to a document from March 28, 2003 which I highly doubt
> has more info about confidential attributes. This is something that actually
> requires you to make changes to use, not like saying hey we also keep SID
> Histories in the tombstone objects now which doesn't take any action on the
> part of the admins....
>
> ________________________________
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of
> Eric Fleischman
> Sent: Monday, May 09, 2005 12:22 AM
> To: [email protected]
> Subject: [ActiveDir] Who was asking for a list of SP1 changes? I think it
> was this DL......
>
> http://www.microsoft.com/downloads/details.aspx?familyid=C3C26254-8CE3-46E2-B1B6-3659B92B2CDE&displaylang=en
>
> I didn't read it for completeness, but spot checked, and many are there.
> Though certainly not every one I'm sure.
>
> ~Eric

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
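An added illustration, not part of the thread or of Microsoft's documentation: the search flag the quoted text refers to is bit 0x80 (128) of `searchFlags`, and base schema attributes carry bit 0x10 in `systemFlags`. The sketch plans the change for a constructed schema sample; the `contoso*` and `placeholderBaseAttr` names are hypothetical.

```python
CONFIDENTIAL = 0x80        # searchFlags bit that marks an attribute confidential
BASE_SCHEMA_OBJECT = 0x10  # systemFlags bit carried by base schema attributes

# Constructed sample: attributeSchema values as a schema export might list them.
# All attribute names and flag values here are hypothetical.
SAMPLE_SCHEMA = [
    {"name": "contosoSSN", "searchFlags": 0x00, "systemFlags": 0x00},
    {"name": "contosoBadgePin", "searchFlags": 0x81, "systemFlags": 0x00},
    {"name": "contosoLegacyId", "searchFlags": 0x01, "systemFlags": 0x00},
    {"name": "placeholderBaseAttr", "searchFlags": 0x00, "systemFlags": 0x10},
]


def is_confidential(attr):
    return bool(attr["searchFlags"] & CONFIDENTIAL)


def is_base_schema(attr):
    return bool(attr["systemFlags"] & BASE_SCHEMA_OBJECT)


def new_search_flags(attr):
    """Return searchFlags with the confidential bit added and other bits kept."""
    if is_base_schema(attr):
        raise ValueError(attr["name"] + ": base schema attribute, cannot be marked")
    # OR the bit in: overwriting with 128 would drop indexing and other flags.
    return attr["searchFlags"] | CONFIDENTIAL


def plan(schema, wanted):
    """Sort the attributes named in `wanted` into already / change / blocked."""
    result = {"already": [], "change": {}, "blocked": []}
    for attr in schema:
        if attr["name"] not in wanted:
            continue
        if is_base_schema(attr):
            result["blocked"].append(attr["name"])
        elif is_confidential(attr):
            result["already"].append(attr["name"])
        else:
            result["change"][attr["name"]] = new_search_flags(attr)
    return result


if __name__ == "__main__":
    print(plan(SAMPLE_SCHEMA, {a["name"] for a in SAMPLE_SCHEMA}))
```

The values under `change` are what would be written to `searchFlags` on each attributeSchema object; anything under `blocked` needs a different control, such as an explicit ACL.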
