Actually, the article shows how to do it at the container level also. They
are just missing the extra step of going into Advanced view.
Glad to know that you are not going to try to wiggle out of the beer. I put
it on your tab ;)
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Monday, November 27, 2006 6:30 PM
To: [email protected]
Subject: [ActiveDir] RE: [ActiveDir] Selective auth, "allowed to auth" right,
group policy
?
That shows how to do it on a per-computer basis. I found lots of
references to that on Google before posting. ;-) Finding a GP way to do
it eludes me, but Dean's suggestion has probably led me to a non-GP way
to do it once at the OU level. It took me a while to find it even with
his suggestion, but once I changed the advanced ACL editor to computer
objects instead of child objects, the allowed to auth right appeared.
Heck; I'll still buy you both a beer for helping me out at this hour.
:-)
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Akomolafe, Deji
> Sent: Monday, November 27, 2006 6:49 PM
> To: [email protected]
> Subject: RE: [ActiveDir] Selective auth, "allowed to auth"
> right, group policy
>
> http://technet2.microsoft.com/WindowsServer/en/library/b4d9643
> 4-0fde-4370-bd29-39e4b3cc7da81033.mspx?mfr=true
>
> You owe me a beer for making me do your google :)
>
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.com
> <x-excid://32770000/uri:http://www.akomolafe.com> - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were
> worried about Yesterday? -anon
>
> ________________________________
>
> From: Charlie Kaiser
> Sent: Mon 11/27/2006 5:28 PM
> To: [email protected]
> Subject: [ActiveDir] Selective auth, "allowed to auth" right,
> group policy
>
>
> I have to add the "allowed to auth" right to a large number of
> workstations so that workstation admins from another domain can access
> them. Instead of adding that right to each computer object, is there a
> way to do it with group policy at the OU level? I haven't been able to
> find it. It's a painful manual process.
>
> We're using a selective auth external trust between forests. For other
> reasons, we can't set up a "normal" trust.
>
> Thanks...
>
> **********************
> Charlie Kaiser
> W2K3 MCSA/MCSE/Security
> Systems Engineer
> Essex Credit / Brickwalk
> 510 595 5083
> **********************
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/[email protected]/
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/[email protected]/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/[email protected]/
