Archived from groups: microsoft.public.win2000.security (
More info?)
ok. Thanks for the info Steve. And thanks for all the help!
-djc
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:Nu_dd.284897$MQ5.164061@attbi_s52...
> Hi Djc.
>
> Yes I hold some certifications. I am a A+ computer technician, an MCSE in
> Windows NT4.0 and Windows 2000, and a MCSA in Windows 2003.
>
> I am not paid to participate in newsgroups. I do it for fun, for learning,
> and the satisfaction helping others where I can. My only affiliation with
> Microsoft is that I am an MVP in Windows Security. For more information on
> Microsoft MVP program see the link below.
>
> http://mvp.support.microsoft.com/
>
> Certifications are a good way to show that you have a basic level of
> knowledge for a product or technology. To pursue a MCSE you are forced to
> learn and study many aspects of the operating system for wide based
> knowledge of it IF you do it for the purpose of learning it because you
have
> want to learn it and be good at it and not to just have the
> ertification. --- Steve
>
>
> "djc" <noone@nowhere.com> wrote in message
> news:OPYZuv3tEHA.3156@TK2MSFTNGP12.phx.gbl...
> > Thanks Steve. By the way I'm curious. You answer a lot of my posts and
are
> > obviously very knowledgable.
> > 1) do you hold any certifications? if so which ones?
> > 2) Are you paid to participate in these MS newsgroups? meaning, do you
> > work
> > for Microsoft directly or indirectly to provide this kind of assistance
to
> > the general IT public?
> >
> > The reason I ask is NOT because I doubt any of the information you give
> > but
> > really just becuase I'm curious about different things that
knowledgeable
> > IT
> > folk can get involved in and what kind of certification, if any, they
> > typically have or require. Just poking around and what things I may like
> > to
> > become involved in in the future.
> >
> > Thanks,
> > -djc
> >
> > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> > news:WDAdd.505554$8_6.377341@attbi_s04...
> >> There is a user configuration Group Policy you can implement to hide
the
> >> directory folder. Go to user configuration/administrative
> >> templates/desktop/Active Directory to enable such. Note that will not
> >> stop
> >> users from searching AD by other means. You can also hide AD objects by
> >> managing the read permissions in their security properties. However
this
> > can
> >> be tricky. For instance users do need read permissions for the domain
> >> container, the container their account resides in, and I believe the
> > domain
> >> controller container. If they do not have read permissions they will
not
> > be
> >> able to change their password and Group Policy user configuration will
> >> not
> >> apply to them. However if you have a container such as an
Organizational
> >> Unit that users are not in, nor need to access anything in it you can
> > remove
> >> their read permissions from that OU. For instance you could have an OU
> > with
> >> specific users having permissions to it and then remove authenticated
> >> users/everyone group permissions. Be sure to have a recent backup of
the
> >> System State for a domain controller before messing with AD permissions
> > just
> >> in case though dsacls /s can be used to retore default permissions to
AD
> >> objects.. -- Steve
> >>
> >>
http://support.microsoft.com/default.aspx?scid=kb;en-us;281146 --
dsacls
> >> syntax.
> >>
> >> "djc" <noone@nowhere.com> wrote in message
> >> news:uc4CPautEHA.224@TK2MSFTNGP15.phx.gbl...
> >> >I was suprised to see that by just using My Network Places -> entire
> >> > network -> directory -> then right-clicking on the domain name and
> >> > choosing
> >> > Find I could get so much account information! For instance even
though
> >> > I
> >> > renamed my admin account following good practices its easy to see
what
> > it
> >> > is
> >> > any whay by searching on 'admin'.. you can see the account plus the
> >> > administrators group which you can double-click to see all the
members
> >> > of???
> >> > any user can see all the groups and their membership. As well as all
> > OU's
> >> > and what objects are in them. I guess since I am used to using the
run
> > box
> >> > and command prompt so often I have neglected to go see what regular
> > users
> >> > may see.
> >> >
> >> > How can I stop this? Although its usefull to be able to search AD
like
> >> > this
> >> > if you trust everyone.... nuff said. Trust no one. How do I stop
> >> > publishing
> >> > secure information?
> >> >
> >> > On a funny note: if you are a dope like me and did not know this was
a
> >> > feature AND you named your OU's with names like 'AuditTheseFools' and
> >> > 'IDontTrustTheseGuys' in order to link GPO's to them then you will be
> >> > hoping
> >> > your users don't know about this feature either. hehe!
> >> >
> >> > any info would be greatly appreciated.
> >> >
> >> >
> >>
> >>
> >
> >
>
>