Joseph- IPSec objects are stored in the Domain NC in CN=IP Security, CN=System. Each different type of IP Sec object is represented as an AD object so you could certainly delegate each object individually. I suspect the bigger challenge is decoding the IPSec data for each object type but perhaps you've already skinned that.
Darren Darren Mar-Elia For comprehensive Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO tips, tools and whitepapers. Also check out the Windows Group Policy Guide, a soup-to-nuts resource for Group Policy information. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Friday, June 23, 2006 8:13 AM To: [email protected] Subject: [ActiveDir] Delegating IPSec rights I'm trying to write an IPSec editor for the operations folks and I need to make sure that they can only edit specific rules. Does anyone know how to delegate rights to modify specific IPSec Filter Rules and Filter Lists? Are they stored in AD somewhere? Or are they in the registry on the DCs? I was also thinking that I could use a service account with elevated privileges to perform the operations; however, I'm not sure if I can specify alternate creds when performing the edits. Thanks! List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
