Matthieu,
I now own the case for your new question regarding ACL on SYSVOL. First ,
making ACL consistent between the DS object and the corresponding SYSVOL
object only applies to the DACL part of the security descriptor, just as shown
in the logic. Therefore, it can be explained why the o
Hello Hongwei,
On 17/02/2010 03:21, Hongwei Sun wrote:
Matthieu,
I now own the case for your new question regarding ACL on SYSVOL. First ,
making ACL consistent between the DS object and the corresponding SYSVOL
object only applies to the DACL part of the security descriptor, just as show
Matthieu,
After considering what the access rights FA is associated with, I think that
RPWPCCDCLCLORCWOWDSDDTSW is indeed mapped to FA if the logic is used. Please
look at the output below (also attached as DS-Created.txt and
SYSVOL-Created.txt)
In DS DACL, CCDCLCSWRPWPDTLOSDRCWDWO
On 26/02/2010 02:52, Hongwei Sun wrote:
Matthieu,
After considering what the access rights FA is associated with, I think
that RPWPCCDCLCLORCWOWDSDDTSW is indeed mapped to FA if the logic is used.
Please look at the output below (also attached as DS-Created.txt and
SYSVOL-Created.txt)
Matthieu,
>Ok from the reading of the DS flags it's not obvious that all this flags
>will "merge" to give FA. I suppose we should have a rule saying when you
>have "RPWPCCDCLCLORCWOWDSDDTSW" then the associate ACE is FA full stop.
>Is there other special translations rules ?
RPWPCCDCLCLORCWOWDSDD
Proposed Response:
Matthieu,
The default GPOs created during domain creation time (DcPromo) are Default
Domain Group Policy(31B2F340-016D-11D2-945F-00C04FB984F9) and Default Domain
Controller Group Policy (6AC1786C-016F-11D2-945F-00C04fB984F9). The initial
security descriptors of default
Resending.. just an editorial change...
Matthieu,
The default GPOs created during domain creation time (DcPromo) are Default
Domain Group Policy(31B2F340-016D-11D2-945F-00C04FB984F9) and Default Domain
Controller Group Policy (6AC1786C-016F-11D2-945F-00C04fB984F9). The initial
security
Matthieu,
I just want to check with you to see if you have any further questions on
this issue. If not , I will consider this case closed. Again, if you have
related questions in the future, we can always revisit this case.
Thanks!
Hongwei
-Original Message-
From: Hongwei Sun
Sent
Hello Hongwei,
So far it's good , you can close it.
Matthieu.
Matthieu,
I just want to check with you to see if you have any further questions on
this issue. If not , I will consider this case closed. Again, if you have
related questions in the future, we can always revisit this case.
