[THIN] Re: OT: view hidden group membership
- From: "Evan Mann" <emann@xxxxxxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 6 Jan 2005 09:47:15 -0500
Security on a distro list marked hidden via Exchange tasks for the 2
groups:
Allow - Account Operators - Ready Property - This object and all child
objects
Deny - Everyone - Ready Property - This object and all child objects
There is also:
Enterprise Admins - Full Control - This object and all child objects
I am a member of Account Operators and Enterprise Admins and I can see
membership. But I have some users as Domain Admins (not in Account Ops
or Enterprise Admins) who can't see membership.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Braebaum, Neil
Sent: Thursday, January 06, 2005 9:26 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: view hidden group membership
I would have thought (given how DACLs and ACEs work) that deny
(especially for everyone) will take precedence.
As I'm not sure I have a similar scenario to look at, could you expand
on how the override for Account Operators is implemented?
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann
> Sent: 06 January 2005 14:11
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] OT: view hidden group membership
>
> When you hide membership to a distribution list in AD, Everyone is
> given Deny on reading the members, including Domain Admins. The
> Account Operators group has an override over this.
>
> I want to use Delegate control to give the correct specific
> permissions to a few people so they can view the hidden membership. I
> tried using simply read permission on group objects, but that doesn't
> seem to do the trick.
>
> Anyone know specifically what security a users need to override the
> Deny on Everyone which is set by hiding membership?
***********************************************
This e-mail and its attachments are confidential and are intended for
the above named recipient only. If this has come to you in error, please
notify the sender immediately and delete this e-mail from your system.
You must take no action based on this, nor must you copy or disclose it
or any part of its contents to any person or organisation.
Statements and opinions contained in this email may not necessarily
represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its subsidiaries is 100
Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************
********************************************************
This Weeks Sponsor SeamlessPlanet.com Domain Names Register your .com
domain name for as low as $7.85 One of the lowest prices on the web!
Part of The Kenzig Group.
http://www.seamlessplanet.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Awesome SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor SeamlessPlanet.com Domain Names
Register your .com domain name for as low as $7.85
One of the lowest prices on the web! Part of The Kenzig Group.
http://www.seamlessplanet.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Awesome SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
