-----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Tuesday, August 31, 2010 9:17 AM To: NT System Admin Issues Subject: Re: Delegating Control
On Tue, Aug 31, 2010 at 9:18 AM, Don Guyer <[email protected]> wrote: > A better (read easier) way might be to create a new group, delegate to that > group and when it is no longer needed, remove that group. A good idea. Some additional notes: * You can then look for that Group in Active Directory to find out what the wizard did. That can either be used as a learning experience, or just to remove the group's entries from the ACLs. * If you don't remove the group from the ACL: You may want to consider removing the group members, leaving the group empty, and not deleting the group. Otherwise, down the road, you may encounter the entry as an unresolvable SID. By leaving the group, you retain the human-friendly name. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
