Default User object security

Windows 2003 SP2

I am trying to fix a problem where delegation of control is not working
properly to usr OUs. I ca't seem to keep permissions on user account objects
that allow user accounts to be moved between OUs. I think it may be related
to protected account membership on the user objects themselves. ALso the
"inherit permissions from parent" is unchecked on user objects. Certain user
new user objects work fine and are inheriting. What are the default security
to use on user objects so that i can remvoe membership from protected groups
and how should I allow inherit permissions from OU container so i can delgate
permisions.?

Hello 2010,

Please describe in detail what you have configured in delegate control, so
we can reproduce your problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Windows 2003 SP2
>
> I am trying to fix a problem where delegation of control is not
> working properly to usr OUs. I ca't seem to keep permissions on user
> account objects that allow user accounts to be moved between OUs. I
> think it may be related to protected account membership on the user
> objects themselves. ALso the "inherit permissions from parent" is
> unchecked on user objects. Certain user new user objects work fine
> and are inheriting. What are the default security to use on user
> objects so that i can remvoe membership from protected groups and how
> should I allow inherit permissions from OU container so i can delgate
> permisions.?
>

Sounds like you understand that protected groups are causing the inherit
flag to be unchecked.
http://technet.microsoft.com/en-us/m...minholder.aspx

What you haven't defined is what you want the users who are in protected
groups to be able to do once they have been removed from these groups. It
really is not possible to tell you what the specific permissions a protected
group has. Just define what you need users to be able to do and I believe
the folks monitoing this NewsGroup will be able to guide you through it.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"2010" <> wrote in message
news:80E4E1BB-AED5-468A-8931-...
> Windows 2003 SP2
>
> I am trying to fix a problem where delegation of control is not working
> properly to usr OUs. I ca't seem to keep permissions on user account
> objects
> that allow user accounts to be moved between OUs. I think it may be
> related
> to protected account membership on the user objects themselves. ALso the
> "inherit permissions from parent" is unchecked on user objects. Certain
> user
> new user objects work fine and are inheriting. What are the default
> security
> to use on user objects so that i can remvoe membership from protected
> groups
> and how should I allow inherit permissions from OU container so i can
> delgate
> permisions.?