Yes, you can set this at the OU and have it inherit down to user
objects.

I expect it's failing because the Description attribute is in the Public
Information property set, not the General Information property set.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall
Sent: Wednesday, April 19, 2006 9:45 AM
To: [email protected]
Subject: RE: [ActiveDir] Permission to modify description

If I run it interactively as a normal user, it fails with the same error
on the same line.

If I run it as an admin, it works.

Can I allow Write Description to SELF on an entire OU? I have hundreds
of users to mod, and I don't fancy doing each one by hand :)

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: 19 April 2006 16:02
To: [email protected]
Subject: RE: [ActiveDir] Permission to modify description

What happens when you run the script interactively, as opposed to within
the login script?

You can (should?) tighten the security on this...granting Self allow on
Write Description should be sufficient. 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall
Sent: Wednesday, April 19, 2006 4:41 AM
To: [email protected]
Subject: [ActiveDir] Permission to modify description

I have a logon script which changes the description of the current user
when they logon, or rather it should do. Whenever I pop that script in
to a logon script it fails with a "general access denied error".

The line it fails on it the last of these two;

objUser.Description = strMessage
objUser.SetInfo

objUser is pointing to the correct user, and it can set the local cached
description setting, it only fails when it trys to set that info on the
server.

I have tried giving "Authenticated Users" the "Write General
Information" permission, but that doesn't help.

Any ideas what permission I need to assign so that people are able to
edit the description properties ? Is there an associated permission for
using the setinfo method ?


If it helps, this is win2k servers with xp desktops.

Olly
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to