On Fri, Jan 6, 2012 at 14:21, David Lum <[email protected]> wrote:
> As a matter of fact, yes they were. I think early on messing with these guys
> is where I learned about AdminSDHolder. Looks like I get to use ADSIEDIT
> right?
I stole this from somewhere, and saved it in a file called
ClearAdminSDHolderForOneUser.vbs. Worked just fine.
Kurt
' ========= VBScript program ===========
' VBScript program to toggle "allow inheritable permissions from
' parent to propagate to this object" on the Security tab of the object.
Option Explicit
Const SE_DACL_PROTECTED = &H1000
Dim objADObject, objNtSecurityDescriptor, intNtSecurityDescriptorControl
' Distinguished Name of user object hard coded.
Set objADObject = GetObject("LDAP://cn=Kurt
Buff,ou=it,ou=users,ou=us,dc=mycompany,dc=com")
' Retreive security descriptor object for this object.
Set objNtSecurityDescriptor = objADObject.Get("ntSecurityDescriptor")
' Retrieve control settings.
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
' Toggle the bit for "allow inheritable permissions".
intNtSecurityDescriptorControl = intNtSecurityDescriptorControl Xor
SE_DACL_PROTECTED
' Save control settings in the security descriptor object.
objNtSecurityDescriptor.Control = intNtSecurityDescriptorControl
' Save the security descriptor object.
objADObject.Put "ntSecurityDescriptor", objNtSecurityDescriptor
' Update the user object.
objADObject.SetInfo
Wscript.Echo "Done"
' ========= VBScript program ===========
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
