|
I can't point you at any examples, but
most of the documentation I read and from what MSFT people said at conferences,
reckons you should grant full control to the group for SMS servers on that
container. That's horse sh!t -you need to grant create and delete of each
of the MS SMS object types and full control over those object types, and that's
it.
When I designed a couple of k3 SMS
installations last year I used a DLG called SMS Servers and GGs called Primary
SMS and Secondary SMS and nested the GGs into the DLG which was granted the
permissions. You can then get specific for primary and secondary servers
in some cases, or grant all via the DLG.
I'm afraid I can't remember the names of
the classes, so can't give you the ldapDisplayName's of the object type in
question. But they're easy to find, they should be prefixed with mS-SMS or
something like that.
Note also that the advanced clients search
on objectClass instead of objectCategory, so if you haven't already, you need to
index objectClass.
--Paul
|
Title: VBScript Container Security
- [ActiveDir] VBScript Container Security Joe McNicholas
- Re: [ActiveDir] VBScript Container Security Paul Williams
- Re: [ActiveDir] VBScript Container Security A P
- [ActiveDir] orgfinder Ramon Linan
- Re: [ActiveDir] orgfinder Joe Kaplan
- [ActiveDir] need help badhusha
- Re: [ActiveDir] need help Paul Williams
- RE: [ActiveDir] need help Dave Wade
- Re: [ActiveDir] VBScript Container Security Matt . Duguid
- RE: [ActiveDir] VBScript Container Security Joe McNicholas
