Without knowing the details I would start off by saying
effective permissions isn't the greatest[1] and is very likely to be
incorrect because without an actual security token to work from on the
machine that you need to know the effective rights it is very easy to miss
something and not get it right. I don't even bother looking at effective
rights ever, I look at the ACLs myself and work it through.
If you want, email me the DSACLS dump to my home address
and what isn't working and I will give you a free opinion. :)
joe
[1] I
was going to say sucks but I tried to write my own version of it once and it is
really really really hard.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernier, Brandon (.)
Sent: Tuesday, June 27, 2006 10:16 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Self vs. the object name / effective permissions
Someone came by my cube and said they were having permission issues. They assigned Self some rights for computer objects and in ADUC the effective permissions are correct. However, they also did effective permissions on the name of the computer object and it has different results….Why is this?? I know Self represents the object…so where is it getting different permissions from? DSAcls is retrieving correct information for me, but this seems like a bug to me.
-Brandon
