Sign in with
Sign up | Sign in
Your question

How to find out if Inheritable Permissions is checked

Tags:
  • Permissions
  • Active Directory
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
April 6, 2005 2:50:10 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am one of several AD admins and I want to run a query to find out how
many AD objects have this box unchecked. I'm trying to tighten security
on a per-OU level but delegation from the top level isn't working
properly because several user/computer/group objects are not inheriting
the changes that I'm making. Any help/tips would be appreciated.

More about : find inheritable permissions checked

Anonymous
April 11, 2005 2:30:12 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Paul,

Thanks for pointing me in the right direction. After searching the
scripting newsgroups for just 5 minutes, I already found several
scripting samples.
Anonymous
April 11, 2005 12:05:46 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

You have first to retrieve the securitydescriptor and then check the flag:
SE_DACL_PROTECTED = 4096 for the DACL entry
SE_SACL_PROTECTED = 8192 for the SACL entry

Example
If (iSD.Control And SE_DACL_PROTECTED) = SE_DACL_PROTECTED Then
IsInheritedACE = False
End if

If the flags are not checked it means that the security is inherited.

WinSysBee Support Team
http://www.winsysbee.com


nntp://news.free.fr/microsoft.public.win2000.active_directory/ >

Paul,

Thanks for pointing me in the right direction. After searching the
scripting newsgroups for just 5 minutes, I already found several
scripting samples.



[microsoft.public.win2000.active_directory > ]
!