Active Directory Security dot com

Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory

Brought to you by former Microsoft Program Manager for Active Directory Security

REFERENCE

GUIDANCE

REPORTING

|

|

|

|

|

|

|

|

|


\|	Delegating Account Mgmt	\|	Delegating Group Mgmt	\|	Delegating OU Mgmt	\|	Delegating SCP Mgmt	\|

Delegating Organizational Unit (OU) Management in Active Directory

ADMINISTRATIVE TASK .	HOW TO DELEGATE THE TASK .	SECURITY IMPLICATIONS OF TASK (when performed with malicious intent)

1. Create an organizational unit	Grant Create Child permissions on the parent object to create Organizational Unit objects	Create unauthorized user accounts, computer accounts and security groups, and use them to weaken security

2. Delete an organizational unit	Grant Standard Delete permissions on the OU object or Delete Child permissions on the parent object	Delete all user accounts, security groups and computers in the OU.

3. Change list of GPOs linked to an organizational unit	Grant Write Property permissions on the OU object to modify the GP-Link attribute and the GP-Options attribute	Weaken security policies protecting all accounts and computers receiving policy in the OU.

4. Disable GPOs linked to an organizational unit	Grant Write Property permissions on the OU object to modify GP-Link attribute and the GP-Options attribute	Weaken security policies protecting all accounts and computers receiving policy in the OU.

5. Change precedence of GPOs linked to an organizational unit	Grant Write Property permissions on the OU object to modify GP-Options attribute and the GP-Options attribute	Weaken security policies protecting all accounts and computers receiving policy in the OU.

What if you could find out who is delegated what OU management tasks in Active Directory?

You can, with the Gold Finger Active Directory Reporting Tool Download your Free copy


<	About	Copyright ActiveDirSec.Com 2008 – 2010. All Rights Reserved	Disclaimer	>

hits counter