Yes, you can set this at the OU and have it inherit down to user objects. I expect it's failing because the Description attribute is in the Public Information property set, not the General Information property set.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Wednesday, April 19, 2006 9:45 AM To: [email protected] Subject: RE: [ActiveDir] Permission to modify description If I run it interactively as a normal user, it fails with the same error on the same line. If I run it as an admin, it works. Can I allow Write Description to SELF on an entire OU? I have hundreds of users to mod, and I don't fancy doing each one by hand :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: 19 April 2006 16:02 To: [email protected] Subject: RE: [ActiveDir] Permission to modify description What happens when you run the script interactively, as opposed to within the login script? You can (should?) tighten the security on this...granting Self allow on Write Description should be sufficient. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Wednesday, April 19, 2006 4:41 AM To: [email protected] Subject: [ActiveDir] Permission to modify description I have a logon script which changes the description of the current user when they logon, or rather it should do. Whenever I pop that script in to a logon script it fails with a "general access denied error". The line it fails on it the last of these two; objUser.Description = strMessage objUser.SetInfo objUser is pointing to the correct user, and it can set the local cached description setting, it only fails when it trys to set that info on the server. I have tried giving "Authenticated Users" the "Write General Information" permission, but that doesn't help. Any ideas what permission I need to assign so that people are able to edit the description properties ? Is there an associated permission for using the setinfo method ? If it helps, this is win2k servers with xp desktops. Olly List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
