Did not know that - what I listed worked, but I will keep your note in mind.
Thanks for that. On Fri, Jan 6, 2012 at 19:51, Michael B. Smith <[email protected]> wrote: > This is necessary, but not always sufficient. You may also have to set the > adminSDHolder attribute to zero: > > objADObject.Put "adminSDHolder", 0 > > Just applying inheritable permissions fixes SOME things. Others require the > reset value... > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Friday, January 06, 2012 7:36 PM > To: NT System Admin Issues > Subject: Re: Not even sure how to look this one up > > On Fri, Jan 6, 2012 at 14:21, David Lum <[email protected]> wrote: >> As a matter of fact, yes they were. I think early on messing with these guys >> is where I learned about AdminSDHolder. Looks like I get to use ADSIEDIT >> right? > > I stole this from somewhere, and saved it in a file called > ClearAdminSDHolderForOneUser.vbs. Worked just fine. > > Kurt > > ' ========= VBScript program =========== > ' VBScript program to toggle "allow inheritable permissions from > ' parent to propagate to this object" on the Security tab of the object. > > Option Explicit > Const SE_DACL_PROTECTED = &H1000 > Dim objADObject, objNtSecurityDescriptor, intNtSecurityDescriptorControl > > ' Distinguished Name of user object hard coded. > Set objADObject = GetObject("LDAP://cn=Kurt > Buff,ou=it,ou=users,ou=us,dc=mycompany,dc=com") > > ' Retreive security descriptor object for this object. > Set objNtSecurityDescriptor = objADObject.Get("ntSecurityDescriptor") > > ' Retrieve control settings. > intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control > > ' Toggle the bit for "allow inheritable permissions". > intNtSecurityDescriptorControl = intNtSecurityDescriptorControl Xor > SE_DACL_PROTECTED > > ' Save control settings in the security descriptor object. > objNtSecurityDescriptor.Control = intNtSecurityDescriptorControl > > ' Save the security descriptor object. > objADObject.Put "ntSecurityDescriptor", objNtSecurityDescriptor > > ' Update the user object. > objADObject.SetInfo > > Wscript.Echo "Done" > ' ========= VBScript program =========== > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
