Sign in with
Sign up | Sign in
Your question

Restrict NTFS permissions list

Tags:
  • Microsoft
  • Permissions
  • Windows
Last response: in Windows 2000/NT
Share
September 14, 2005 5:01:15 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.win2000.security,microsoft.public.windows.server.active_directory (More info?)

Hi!

I'm trying to find a way to let users in a specific OU administer NTFS
permissions on a specific server. We have an AD containing multiple
organizations. One of these organizations have a number of servers which are
part of the domain. When permissions are set on files and folders the groups
and users of all organizations are viewable. Is there a group policy or AD
permission that will allow me to limit the list of users/groups to only
contain objects from one OU?

Help is highly appreciated

Morten

PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
question.

More about : restrict ntfs permissions list

Anonymous
September 14, 2005 5:01:16 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.win2000.security,microsoft.public.windows.server.active_directory (More info?)

"Morten" <morten_skovgaard@hotmail.com> wrote in message
news:ubpEjuRuFHA.596@TK2MSFTNGP12.phx.gbl...
> Hi!
>
> I'm trying to find a way to let users in a specific OU administer NTFS
> permissions on a specific server. We have an AD containing multiple
> organizations. One of these organizations have a number of servers which
> are part of the domain. When permissions are set on files and folders the
> groups and users of all organizations are viewable. Is there a group
> policy or AD permission that will allow me to limit the list of
> users/groups to only contain objects from one OU?
>
> Help is highly appreciated
>
> Morten
>
> PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
> question.

No.
The object picker used to set NTFS permissions see all usable objects.
Anonymous
September 14, 2005 5:01:16 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.win2000.security,microsoft.public.windows.server.active_directory (More info?)

Not in Windows 2000 unfortunately. With Windows 2003 it is possible to
create "forest" trusts that can use selective authentication and the allow
to authenticate permission to limit what groups can authenticate to a
computer or domain. You may be a long way from using all Windows 2003 domain
controllers and separate forests but I though I would mention that it has a
capability similar to what you are looking for. --- Steve


"Morten" <morten_skovgaard@hotmail.com> wrote in message
news:ubpEjuRuFHA.596@TK2MSFTNGP12.phx.gbl...
> Hi!
>
> I'm trying to find a way to let users in a specific OU administer NTFS
> permissions on a specific server. We have an AD containing multiple
> organizations. One of these organizations have a number of servers which
> are part of the domain. When permissions are set on files and folders the
> groups and users of all organizations are viewable. Is there a group
> policy or AD permission that will allow me to limit the list of
> users/groups to only contain objects from one OU?
>
> Help is highly appreciated
>
> Morten
>
> PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
> question.
>
!