I would like to disable a users ability to search or list objects from the Active Directory. Our current directory includes private user information that users should not be able to see yet we need to continue to store it in the users description field. I have tried to deny the group containing all users at the top of the domain tree (which does prevent it) but when doing this the policy GPO scripts do not run. These scripts configure drive mappings and printer configurations automatically along with several other policies.
Optimally I would simply like to disable the Security Tab shown at the top of all object properties along with all active directory searching for identified users?