Mutsje
Admin
Posts: 468
Setting security on AD objects using DSACLS - 2006/05/10 10:57
We all know about cacls and xcacls for setting permissions on file/folder objects script-wise, but for Active Directory there is a similar tool: DSACLS (part of the W2K Support Tools).

This tool can be used to set permissions on Active Directory objects when the Delegate Control wizard is not sufficient (or just not that handy...). The most basic option is to list the permissions on an object, but a battalion of options is included. One of them you should take note of, because they made a mistake. In the specific permissions, two options are inverted:

    WP Read property
    RP Write property
    For these two permissions, if [Object/Property] is not specified to define a specific property, they apply to all properties of the object otherwise they apply to that specific property of the object.

Obviously RP means Read Property, WP means Write Property.

One more note: in article Q316792 an example is listed at the bottom, in which the user object is preceded by a "". This will not work; type the user/group as is (user@domain or domain\user).
GPO addicted
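The RP/WP behaviour described in the post, with and without [Object/Property], shown as an added example that is not part of the original post. The OU, the group name and the telephoneNumber property are constructed placeholders chosen for illustration.

```powershell
# Constructed placeholders: replace with your own OU and group.
$ou      = 'OU=Sales,DC=example,DC=com'
$trustee = 'EXAMPLE\HelpDesk'   # domain\user form, typed as is; user@domain also works

# 1. List the current permissions on the object (the most basic use).
dsacls $ou

# 2. RP with no [Object/Property]: Read Property on ALL properties of the OU object.
#    ${trustee} is braced so PowerShell does not parse "$trustee:" as a scoped variable.
dsacls $ou /G "${trustee}:RP"

# 3. WP with a property named: Write Property on that one property only,
#    inherited (/I:S) by user objects below the OU.
dsacls $ou /I:S /G "${trustee}:WP;telephoneNumber;user"

# 4. Verify: show only the ACE lines that mention the trustee, and check that
#    the read entry covers all properties while the write entry is property-scoped.
dsacls $ou | Select-String -SimpleMatch $trustee
```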