10.19. Modifying the Default Security of a Class
Problem
You want to modify the default security that is applied to objects instantiated from a particular structural class.
Solution
Tip
For Windows 2000 Active Directory, you need to enable schema modifications before proceeding. See Recipe 10.2 for more information.
Using a graphical user interface
Open the Active Directory Schema snap-in.
In the left pane, click on the Classes folder.
In the right pane, double-click the class you want to modify the security for.
Click the Default Security tab.
Modify the security as necessary.
Click OK.
Discussion
Whenever a new object is created in Active Directory, a default
security descriptor (SD) is applied to it along with any inherited
security from its parent container. The default security descriptor
is stored in the defaultSecurityDescriptor
attribute of the classSchema
object. If you modify
the default SD, every new object will get that SD, but it does not
affect any existing objects.
See Also
MS KB 265399 (HOW TO: Change Default Permissions for Objects That Are Created in the Active Directory)
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.