This is basically what we were discussing in the last post I responded to earlier today. You need to pick an attribute, determine how the accesses are granted and think of a way to attack it.
I would probably look at employeeID or employeeNumber, neither of which I believe are in property sets. The big thing you have to overcome would be the ACE for the Pre-W2K compatability access because you probably have that enabled. Luckily that access is granted through an inherited ACE from the domain root so you can insert a deny at that level to block that access. Now you need to regrant to any groups you want to see it (other than acc op, admins, etc who have explicit FCs anyway) by going to a lower level in the hierarchy and granting an inherited grant to the group you created of who should get access. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Friday, August 19, 2005 1:38 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD attribute I'm running win2k in native mode. how would I do this in win2k AD? Thanks On 8/19/05, Marc A. Mapplebeck <[EMAIL PROTECTED]> wrote: > This is a step by step to add the attribute and extend the display > specifier to allow it to be modified. > http://www.informit.com/articles/article.asp?p=169630&rl=1 > Hope this helps - Marc > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: August 19, 2005 13:55 > To: activedirectory > Subject: [ActiveDir] AD attribute > > My org wants to put social security #'s in AD as a user attrib(hidden > from users, of course) How would I go about doing this? > > Thanks > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
