You should be able to turn off inheritance and remove Authenticated Users
from the DACL.

 

Regards,

 

Michael B. Smith

MCITP:SA,EMA/MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Ken Cornetet [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 15, 2008 1:26 PM
To: NT System Admin Issues
Subject: Default security on user created attributes in AD

 

I need to add some attributes for users in AD. I've created an auxiliary
class, created the attributes, added them to the aux class, then added the
aux class to the "user" class. So far, so good. I can use an ADSI script to
populate the attributes, and I can see the attributes using ldp.exe

 

The problem is that the new attributes are viewable by everyone. I want at
least one of them to be viewable only by a specific group. I can run the
delegation wizard in ADUC to grant the group read/write on the attribute,
but I can't find how to turn off the default access.

 

Anyone know how to do this?

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to