• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 11476
  • Last Modified:

SELF group in Acrive Directory

I would like to knwo what is
SELF group in Acrive Directory?

do I have to leave it or remove it?

Thanks
0
jskfan
Asked:
jskfan
  • 3
  • 2
1 Solution
 
tomerleiCommented:
Self is not a real group, its a relative group.
Its like the Everyone and Authenticated Users groups.
For example if you add a computer account to the AD and you want to apply a security permission on that computer and you want to give this permission to the same computer account you give it to the SELF group.

Here microsoft gives an example of using the self group for allowing a computer to use a different DNS name:
http://support.microsoft.com/default.aspx?scid=kb;en-us;320187
0
 
jskfanAuthor Commented:
<<<<For example if you add a computer account to the AD and you want to apply a security permission on that computer and you want to give this permission to the same computer account you give it to the SELF group.>>>>>>>>

can you explain this? can't we create a group and give it permission on the computer account or use authenticated users or everyone?

It's still not clear for me what the default SELF group is for.


0
 
tomerleiCommented:
I'm sorry, i guess i was pretty unclear.
here is a better explantion on the self group:

"A placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal represented by the object. "

Taken form http://www.ss64.com/ntsyntax/security_groups.html.

It's pretty simple, it just redirects to the object that the security permission was granted on.
0
 
jskfanAuthor Commented:
but my question was every group or user name that shows up on the security tab of an object has permissions(if they are granted) on that object.
 so I don't see where SELF group  would differ from others.
0
 
tomerleiCommented:
SELF means the object permission on itself.
If you want to grant a user object permission on himself you go to that object security tab and add SELF group and then give it the desired permissions.
about deleting that group, you shouldn't and i don't think you even can because it built-in special group like the Everyone group.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now