You should be able to turn off inheritance and remove Authenticated Users from the DACL.
Regards, Michael B. Smith MCITP:SA,EMA/MCSE/Exchange MVP http://TheEssentialExchange.com From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2008 1:26 PM To: NT System Admin Issues Subject: Default security on user created attributes in AD I need to add some attributes for users in AD. I've created an auxiliary class, created the attributes, added them to the aux class, then added the aux class to the "user" class. So far, so good. I can use an ADSI script to populate the attributes, and I can see the attributes using ldp.exe The problem is that the new attributes are viewable by everyone. I want at least one of them to be viewable only by a specific group. I can run the delegation wizard in ADUC to grant the group read/write on the attribute, but I can't find how to turn off the default access. Anyone know how to do this? ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
