RE: [ActiveDir] VBScript Container Security
Thanks Matt - that was the document I referenced in my original question though. I'm trying to achieve the steps via a scripted approach.

Thanks to all who have helped so far.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 17 September 2006 21:05
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] VBScript Container Security

Try starting with this document...one of the preferred methods is to create the System container and manually assign permissions to it...

http://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/3df7a6e2-e173-4def-a81a-5bd90fbbf9d8.mspx?mfr=true

Matt Duguid
Systems Engineer for Identity Services
Department of Internal Affairs
Phone: +64 4 4748028 (wellington)
Mobile: +64 21 1713290
Fax: +64 4 4748894
Address: Level 4, 47 Boulcott Street, Wellington CBD
E-mail: [EMAIL PROTECTED]
Web: http://www.dia.govt.nz/

"Joe McNicholas" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]tivedir.org
15/09/2006 09:53 p.m.
Please respond to ActiveDir
To:
cc:
Subject: [ActiveDir] VBScript Container Security

I'm trying to create and secure the "LDAP://cn=System Management,cn=System,dc=mydomain,dc=com" container, as required for SMS[1]. I'm able to create the container successfully, but haven't found any examples of how to assign security to an OU or Container in the AD. MS Script Centre and a quick google have come up blank, can anyone point me to any examples?

Thanks
Joe

[1] Ref: https://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/3df7a6e2-e173-4def-a81a-5bd90fbbf9d8.mspx?mfr=true

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] VBScript Container Security
Try starting with this document...one of the preferred methods is to create the System container and manually assign permissions to it...

http://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/3df7a6e2-e173-4def-a81a-5bd90fbbf9d8.mspx?mfr=true

Matt Duguid
Systems Engineer for Identity Services
Department of Internal Affairs
Phone: +64 4 4748028 (wellington)
Mobile: +64 21 1713290
Fax: +64 4 4748894
Address: Level 4, 47 Boulcott Street, Wellington CBD
E-mail: [EMAIL PROTECTED]
Web: http://www.dia.govt.nz/

"Joe McNicholas" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]tivedir.org
15/09/2006 09:53 p.m.
Please respond to ActiveDir
To:
cc:
Subject: [ActiveDir] VBScript Container Security

I'm trying to create and secure the "LDAP://cn=System Management,cn=System,dc=mydomain,dc=com" container, as required for SMS[1]. I'm able to create the container successfully, but haven't found any examples of how to assign security to an OU or Container in the AD. MS Script Centre and a quick google have come up blank, can anyone point me to any examples?

Thanks
Joe

[1] Ref: https://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/3df7a6e2-e173-4def-a81a-5bd90fbbf9d8.mspx?mfr=true
Re: [ActiveDir] VBScript Container Security
Here is a link to a script written in JScript that may give you some ideas.

http://calnetad.berkeley.edu/documentation/scripts/index.html#ousetup

This script creates an OU and adds an ACE for delegating rights to the OU.

Regards,
Arden

On 9/15/06, Paul Williams <[EMAIL PROTECTED]> wrote:

I can't point you at any examples, but most of the documentation I read and from what MSFT people said at conferences, reckons you should grant full control to the group for SMS servers on that container. That's horse sh!t - you need to grant create and delete of each of the MS SMS object types and full control over those object types, and that's it.

When I designed a couple of k3 SMS installations last year I used a DLG called SMS Servers and GGs called Primary SMS and Secondary SMS and nested the GGs into the DLG which was granted the permissions. You can then get specific for primary and secondary servers in some cases, or grant all via the DLG.

I'm afraid I can't remember the names of the classes, so can't give you the ldapDisplayName's of the object type in question. But they're easy to find, they should be prefixed with mS-SMS or something like that.

Note also that the advanced clients search on objectClass instead of objectCategory, so if you haven't already, you need to index objectClass.

--Paul

----- Original Message -----
From: Joe McNicholas
To: ActiveDir@mail.activedir.org
Sent: Friday, September 15, 2006 10:53 AM
Subject: [ActiveDir] VBScript Container Security

I'm trying to create and secure the "LDAP://cn=System Management,cn=System,dc=mydomain,dc=com" container, as required for SMS[1]. I'm able to create the container successfully, but haven't found any examples of how to assign security to an OU or Container in the AD. MS Script Centre and a quick google have come up blank, can anyone point me to any examples?

Thanks
Joe

[1] Ref: https://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/3df7a6e2-e173-4def-a81a-5bd90fbbf9d8.mspx?mfr=true
Re: [ActiveDir] VBScript Container Security
I can't point you at any examples, but most of the documentation I read and from what MSFT people said at conferences, reckons you should grant full control to the group for SMS servers on that container. That's horse sh!t - you need to grant create and delete of each of the MS SMS object types and full control over those object types, and that's it.

When I designed a couple of k3 SMS installations last year I used a DLG called SMS Servers and GGs called Primary SMS and Secondary SMS and nested the GGs into the DLG which was granted the permissions. You can then get specific for primary and secondary servers in some cases, or grant all via the DLG.

I'm afraid I can't remember the names of the classes, so can't give you the ldapDisplayName's of the object type in question. But they're easy to find, they should be prefixed with mS-SMS or something like that.

Note also that the advanced clients search on objectClass instead of objectCategory, so if you haven't already, you need to index objectClass.

--Paul

----- Original Message -----
From: Joe McNicholas
To: ActiveDir@mail.activedir.org
Sent: Friday, September 15, 2006 10:53 AM
Subject: [ActiveDir] VBScript Container Security

I'm trying to create and secure the "LDAP://cn=System Management,cn=System,dc=mydomain,dc=com" container, as required for SMS[1]. I'm able to create the container successfully, but haven't found any examples of how to assign security to an OU or Container in the AD. MS Script Centre and a quick google have come up blank, can anyone point me to any examples?

Thanks
Joe

[1] Ref: https://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/3df7a6e2-e173-4def-a81a-5bd90fbbf9d8.mspx?mfr=true
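The delegation described in the post above (create/delete of each SMS object type on the container, full control over objects of those types only), sketched in VBScript with ADSI. This is an added example, not code from any poster in the thread: the trustee name `MYDOMAIN\SMS Servers` and the schema filter `cn=MS-SMS-*` are assumptions to check against your own directory, and it assumes the schema is already extended and the script runs under an account allowed to change the container's DACL.

```vbscript
Option Explicit
' Added example, not from the thread. TRUSTEE and the cn=MS-SMS-* filter are assumptions.
Const TRUSTEE = "MYDOMAIN\SMS Servers"
Const ADS_RIGHT_DS_CREATE_CHILD = &H1, ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_GENERIC_ALL = &H10000000
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1, ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2
Const ADS_ACEFLAG_INHERIT_ACE = &H2, ADS_ACEFLAG_INHERIT_ONLY_ACE = &H8
Const ADS_OPTION_SECURITY_MASK = 3, ADS_SECURITY_INFO_DACL = &H4
Dim root, cont, sd, dacl, conn, rs, guid
Set root = GetObject("LDAP://RootDSE")
Set cont = GetObject("LDAP://cn=System Management,cn=System," & root.Get("defaultNamingContext"))
cont.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL  ' touch the DACL only
Set sd = cont.Get("ntSecurityDescriptor")
Set dacl = sd.DiscretionaryAcl
' Look the SMS classes up in the schema rather than hard-coding their GUIDs.
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject" : conn.Open "Active Directory Provider"
Set rs = conn.Execute("<LDAP://" & root.Get("schemaNamingContext") & ">;" & _
    "(&(objectClass=classSchema)(cn=MS-SMS-*));lDAPDisplayName,schemaIDGUID;onelevel")
Do Until rs.EOF
    guid = GuidString(rs.Fields("schemaIDGUID").Value)
    ' Create/delete children of this class; applies to the container itself.
    AddAce ADS_RIGHT_DS_CREATE_CHILD Or ADS_RIGHT_DS_DELETE_CHILD, 0, _
           ADS_FLAG_OBJECT_TYPE_PRESENT, guid, ""
    ' Full control, inherited only by child objects of this class.
    AddAce ADS_RIGHT_GENERIC_ALL, ADS_ACEFLAG_INHERIT_ACE Or ADS_ACEFLAG_INHERIT_ONLY_ACE, _
           ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT, "", guid
    rs.MoveNext
Loop
sd.DiscretionaryAcl = dacl
cont.Put "ntSecurityDescriptor", sd
cont.SetInfo

Sub AddAce(mask, aceFlags, flags, objType, inhType)
    Dim ace : Set ace = CreateObject("AccessControlEntry")
    ace.Trustee = TRUSTEE : ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    ace.AccessMask = mask : ace.AceFlags = aceFlags : ace.Flags = flags
    If objType <> "" Then ace.ObjectType = objType
    If inhType <> "" Then ace.InheritedObjectType = inhType
    dacl.AddAce ace
End Sub

Function GuidString(octets)  ' 16-byte schemaIDGUID -> "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
    Dim i, h
    For i = 1 To LenB(octets) : h = h & Right("0" & Hex(AscB(MidB(octets, i, 1))), 2) : Next
    GuidString = "{" & Mid(h,7,2) & Mid(h,5,2) & Mid(h,3,2) & Mid(h,1,2) & "-" & Mid(h,11,2) & _
        Mid(h,9,2) & "-" & Mid(h,15,2) & Mid(h,13,2) & "-" & Mid(h,17,4) & "-" & Mid(h,21,12) & "}"
End Function
```

Running it twice appends duplicate ACEs, so run it once against a freshly created container and review the resulting ACL (for example with `dsacls`) before pointing SMS at it.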
[ActiveDir] VBScript Container Security
I'm trying to create and secure the "LDAP://cn=System Management,cn=System,dc=mydomain,dc=com" container, as required for SMS[1]. I'm able to create the container successfully, but haven't found any examples of how to assign security to an OU or Container in the AD. MS Script Centre and a quick google have come up blank, can anyone point me to any examples?

Thanks
Joe

[1] Ref: https://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/3df7a6e2-e173-4def-a81a-5bd90fbbf9d8.mspx?mfr=true