Active Directory Security dot com Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory Brought to you by former Microsoft Program Manager for Active Directory Security

	REFERENCE GUIDANCE REPORTING Reference | Top-20 D | Risks | FAQ Delegate | Verify | Assess | Audit | Report | Comply Reports |  Tools

| Delegating Account Mgmt | Delegating Group Mgmt | Delegating OU Mgmt | Delegating SCP Mgmt |

Delegating Group Management in Active Directory ADMINISTRATIVE TASK . HOW TO DELEGATE THE TASK . SECURITY IMPLICATIONS OF TASK (when performed with malicious intent) 1. Create a security group Grant Create Child permissions on the parent object to create Group objects Mislead others user to mistakenly grant your group access to IT assets. 2. Delete a security group Grant Standard Delete permissions on the group object or Delete Child permissions on the parent object Jeopardize security of IT assets being protected by that security group. 3. Modify a security group     membership Grant Write Property permissions on the group object to modify the Member attribute Obtain access to all IT assets to which that group is provisioned access. 4. Change a security group's     scope Grant Write Property permissions on the group object to modify the Group-Type attribute Alter use of security group to weaken security for certain protected assets. 5. Change a security group's     type Grant Write Property permissions on the group object to modify the Group-Type attribute Jeopardize security of IT assets being protected by that security group.

About	Copyright ActiveDirSec.Com 2008 – 2011. All Rights Reserved		Disclaimer
Active Directory Security	Active Directory Reports	Active Directory Reporting Tools	Cyber Security and Global Security
Active Directory Audit Tool	Active Directory Reporting Tool	Active Directory Reporting Tools	Active Directory Effective Permissions