Out of curiousity, what are you calling
`jail? Are you simply disabling the account, or are you putting it
into a homebrewed OU with specific restrictions?
Eternally curious,
-James R. Rogers
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe
Sent:
Jail is a special set of OUs that we put "bad" objects
into.
It is an OU with all permissions except localsystem and
Enterprise Admins stripped from it. Any objects thrown in there are disabled
and/or have their ACL stripped. It is beautiful for machines that aren't
following naming
1. I have been really lax on this what with other crap I
have been dealing with. However I am about to implement cleanup which will upset
people and will remove anything older than 90 days. After 60 days the machines
(W2K+)have to be rejoined anyway.
2. No. The network folks are actually