On Fri, Jan 6, 2012 at 14:21, David Lum <david....@nwea.org> wrote: > As a matter of fact, yes they were. I think early on messing with these guys > is where I learned about AdminSDHolder. Looks like I get to use ADSIEDIT > right?
I stole this from somewhere, and saved it in a file called ClearAdminSDHolderForOneUser.vbs. Worked just fine. Kurt ' ========= VBScript program =========== ' VBScript program to toggle "allow inheritable permissions from ' parent to propagate to this object" on the Security tab of the object. Option Explicit Const SE_DACL_PROTECTED = &H1000 Dim objADObject, objNtSecurityDescriptor, intNtSecurityDescriptorControl ' Distinguished Name of user object hard coded. Set objADObject = GetObject("LDAP://cn=Kurt Buff,ou=it,ou=users,ou=us,dc=mycompany,dc=com") ' Retreive security descriptor object for this object. Set objNtSecurityDescriptor = objADObject.Get("ntSecurityDescriptor") ' Retrieve control settings. intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control ' Toggle the bit for "allow inheritable permissions". intNtSecurityDescriptorControl = intNtSecurityDescriptorControl Xor SE_DACL_PROTECTED ' Save control settings in the security descriptor object. objNtSecurityDescriptor.Control = intNtSecurityDescriptorControl ' Save the security descriptor object. objADObject.Put "ntSecurityDescriptor", objNtSecurityDescriptor ' Update the user object. objADObject.SetInfo Wscript.Echo "Done" ' ========= VBScript program =========== ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin