Restrict NTFS permissions list

Toggle sidebar Toggle sidebar
M

morten

Distinguished
Apr 4, 2004
32
0
18,530
Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.win2000.security,microsoft.public.windows.server.active_directory (More info?)

Hi!

I'm trying to find a way to let users in a specific OU administer NTFS
permissions on a specific server. We have an AD containing multiple
organizations. One of these organizations have a number of servers which are
part of the domain. When permissions are set on files and folders the groups
and users of all organizations are viewable. Is there a group policy or AD
permission that will allow me to limit the list of users/groups to only
contain objects from one OU?

Help is highly appreciated

Morten

PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
question.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.win2000.security,microsoft.public.windows.server.active_directory (More info?)

"Morten" <morten_skovgaard@hotmail.com> wrote in message
news:ubpEjuRuFHA.596@TK2MSFTNGP12.phx.gbl...
> Hi!
>
> I'm trying to find a way to let users in a specific OU administer NTFS
> permissions on a specific server. We have an AD containing multiple
> organizations. One of these organizations have a number of servers which
> are part of the domain. When permissions are set on files and folders the
> groups and users of all organizations are viewable. Is there a group
> policy or AD permission that will allow me to limit the list of
> users/groups to only contain objects from one OU?
>
> Help is highly appreciated
>
> Morten
>
> PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
> question.

No.
The object picker used to set NTFS permissions see all usable objects.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.win2000.security,microsoft.public.windows.server.active_directory (More info?)

Not in Windows 2000 unfortunately. With Windows 2003 it is possible to
create "forest" trusts that can use selective authentication and the allow
to authenticate permission to limit what groups can authenticate to a
computer or domain. You may be a long way from using all Windows 2003 domain
controllers and separate forests but I though I would mention that it has a
capability similar to what you are looking for. --- Steve


"Morten" <morten_skovgaard@hotmail.com> wrote in message
news:ubpEjuRuFHA.596@TK2MSFTNGP12.phx.gbl...
> Hi!
>
> I'm trying to find a way to let users in a specific OU administer NTFS
> permissions on a specific server. We have an AD containing multiple
> organizations. One of these organizations have a number of servers which
> are part of the domain. When permissions are set on files and folders the
> groups and users of all organizations are viewable. Is there a group
> policy or AD permission that will allow me to limit the list of
> users/groups to only contain objects from one OU?
>
> Help is highly appreciated
>
> Morten
>
> PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
> question.
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom