• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 11794
  • Last Modified:

SELF group in Acrive Directory

I would like to knwo what is
SELF group in Acrive Directory?

do I have to leave it or remove it?

Thanks
0
jskfan
Asked:
jskfan
  • 3
  • 2
1 Solution
 
tomerleiCommented:
Self is not a real group, its a relative group.
Its like the Everyone and Authenticated Users groups.
For example if you add a computer account to the AD and you want to apply a security permission on that computer and you want to give this permission to the same computer account you give it to the SELF group.

Here microsoft gives an example of using the self group for allowing a computer to use a different DNS name:
http://support.microsoft.com/default.aspx?scid=kb;en-us;320187
0
 
jskfanAuthor Commented:
<<<<For example if you add a computer account to the AD and you want to apply a security permission on that computer and you want to give this permission to the same computer account you give it to the SELF group.>>>>>>>>

can you explain this? can't we create a group and give it permission on the computer account or use authenticated users or everyone?

It's still not clear for me what the default SELF group is for.


0
 
tomerleiCommented:
I'm sorry, i guess i was pretty unclear.
here is a better explantion on the self group:

"A placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal represented by the object. "

Taken form http://www.ss64.com/ntsyntax/security_groups.html.

It's pretty simple, it just redirects to the object that the security permission was granted on.
0
 
jskfanAuthor Commented:
but my question was every group or user name that shows up on the security tab of an object has permissions(if they are granted) on that object.
 so I don't see where SELF group  would differ from others.
0
 
tomerleiCommented:
SELF means the object permission on itself.
If you want to grant a user object permission on himself you go to that object security tab and add SELF group and then give it the desired permissions.
about deleting that group, you shouldn't and i don't think you even can because it built-in special group like the Everyone group.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now