Controlling Access to Active Directory Objects-II
Viewing special permissions
1. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers. Right-click the object for which you want to view special permissions, and then click Properties.
2. In the Properties dialog box for the object, click the Security tab. Click Advanced.
3. In the Advanced Security Settings dialog box for the object, select the appropriate security principal and permission in the Permission Entries list, and then click Edit.
4. In the Permission Entry dialog box for the object, select the Object tab to view special permissions for the object assigned to the security principal. Select the Properties tab to view special permissions for the properties assigned to the security principal.
Setting Special Permissions
1. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers. Right-click the object for which you want to assign or edit special permissions and click Properties.
2. In the Properties dialog box for the object, click the Security tab. Click Advanced.
3. To set special permissions for an additional security principal or set additional special permissions for an existing security principal, click Add. In the Enter The Object Name To Select box, type the name of the security principal, and then click OK.
4. In the Permission Entry dialog box for the object, set or change the desired special permissions in the Object and Properties tabs, and then click OK and OK again to finish.
Best Practices In Setting Permissions
- Because it is inefficient to maintain user accounts directly, you should assign permissions to groups rather than to users.
- Deny permissions sparingly. You should deny permissions only when it is necessary to exclude a subset of a group that has allowed permissions, or to exclude one special permission when you have already granted full control to a user or group.
- Set permissions to be inheritable to child objects.
- Assign Full Control permission, if appropriate, rather than individual permissions.
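
The permission entries shown in the Advanced Security Settings dialog box can also be listed from PowerShell and checked against the practices above. The following is an added example, not part of the original page; it assumes a domain-joined host with the RSAT ActiveDirectory module, and the function name Get-AdAceReview and the distinguished name are hypothetical placeholders.

```powershell
# Added example: list the permission entries (ACEs) on one AD object and
# note entries that go against the best practices listed above.
Import-Module ActiveDirectory   # also provides the AD: drive used below

function Get-AdAceReview {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName
    )
    $acl = Get-Acl -Path "AD:\$DistinguishedName"

    foreach ($ace in $acl.Access) {
        # Resolve the security principal to a SID and look up its class in AD.
        # Well-known principals (for example SYSTEM) are not directory objects
        # in the domain partition and stay 'unresolved'.
        $class = 'unresolved'
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
            $obj = Get-ADObject -Filter "objectSid -eq '$sid'"
            if ($obj) { $class = $obj.ObjectClass }
        } catch {
            # Orphaned or unmappable identity: keep 'unresolved'.
        }

        $notes = @()
        if ($ace.AccessControlType -eq 'Deny')            { $notes += 'Deny entry' }
        if (-not $ace.IsInherited -and $class -eq 'user') { $notes += 'granted directly to a user' }
        if ($ace.InheritanceType -eq 'None')              { $notes += 'not inheritable to child objects' }

        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Class     = $class
            Type      = $ace.AccessControlType
            Rights    = $ace.ActiveDirectoryRights   # special permissions appear here
            Inherited = $ace.IsInherited
            AppliesTo = $ace.InheritanceType
            Notes     = $notes -join '; '
        }
    }
}

# Placeholder DN (assumption): replace with the object you want to review.
Get-AdAceReview -DistinguishedName 'OU=Example,DC=example,DC=com' |
    Where-Object Notes |
    Format-Table -AutoSize
```

An entry with a note is not necessarily wrong; a Deny entry, for instance, may be one of the necessary exclusions described above, so each flagged row is a prompt to confirm the entry is intended.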