RE: Not even sure how to look this one up

Fri, 06 Jan 2012 19:56:25 -0800 

This is necessary, but not always sufficient. You may also have to set the 
adminSDHolder attribute to zero:

        objADObject.Put "adminSDHolder", 0

Just applying inheritable permissions fixes SOME things. Others require the 
reset value...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-----Original Message-----
From: Kurt Buff [mailto:[email protected]] 
Sent: Friday, January 06, 2012 7:36 PM
To: NT System Admin Issues
Subject: Re: Not even sure how to look this one up

On Fri, Jan 6, 2012 at 14:21, David Lum <[email protected]> wrote:
> As a matter of fact, yes they were. I think early on messing with these guys
> is where I learned about AdminSDHolder. Looks like I get to use ADSIEDIT
> right?

I stole this from somewhere, and saved it in a file called
ClearAdminSDHolderForOneUser.vbs. Worked just fine.

Kurt

' ========= VBScript program ===========
' VBScript program to toggle "allow inheritable permissions from
' parent to propagate to this object" on the Security tab of the object.

Option Explicit
Const SE_DACL_PROTECTED = &H1000
Dim objADObject, objNtSecurityDescriptor, intNtSecurityDescriptorControl

' Distinguished Name of user object hard coded.
Set objADObject = GetObject("LDAP://cn=Kurt
Buff,ou=it,ou=users,ou=us,dc=mycompany,dc=com")

' Retreive security descriptor object for this object.
Set objNtSecurityDescriptor = objADObject.Get("ntSecurityDescriptor")

' Retrieve control settings.
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control

' Toggle the bit for "allow inheritable permissions".
intNtSecurityDescriptorControl = intNtSecurityDescriptorControl Xor
SE_DACL_PROTECTED

' Save control settings in the security descriptor object.
objNtSecurityDescriptor.Control = intNtSecurityDescriptorControl

' Save the security descriptor object.
objADObject.Put "ntSecurityDescriptor", objNtSecurityDescriptor

' Update the user object.
objADObject.SetInfo

Wscript.Echo "Done"
' ========= VBScript program ===========

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

Reply via email to