• Status: Solved

SBS User Security Property Page, Changes disappear next day

Hi,
When making changes to the User account, security property page, on a Microsoft Small Business Server 2003, the changes that are made are gone the next day. If I add a user account and assign "send as", or even if I change an existing account or group object, the changes are saved for a while, i.e. I can close it, open it immediately, and the changes are still there. But if I open it the next day all changes are gone. The user accounts are in the default OU.
Asked by: palmtek
1 Solution
 
oBdA Commented:
This user is (or has been at one point) a member of a "protected group" (Administrators, Account Operators, Server Operators, Print Operators, Backup Operators, Domain Admins, Schema Admins, Enterprise Admins, Cert Publishers); check here for details:
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/?kbid=907434

Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/?kbid=817433

AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?kbid=318180

Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?kbid=301188
 
palmtek (Author) Commented:
oBdA:
The first tid you cited looks like the answer but there are no administrative groups in this account.
The user belongs to these groups.
Power Users
Domain Users
"domainname group"
"domainname group" (distribution list group)
Internet Users
Mobile Users
Remote Web Workplace Users
 
oBdA Commented:
For one thing, it's enough if the user has been at some point a member of an administrative group; check the second article, there's an issue with resetting the inheritance flag.
Then, from experience, it seems that the Power Users group falls under the "protected groups" as well (but I can't find official documentation, only cases in which it helped to remove the user from the Power Users group); so try this if the inheritance issue doesn't apply.
 
palmtek (Author) Commented:
oBdA, have you ever tried removing inheritance from a user object before as a workaround to this problem, or does it not matter?
 
oBdA Commented:
Well, inheritance is automatically removed from the protected accounts ...
The issue above is that the inheritance isn't in all cases automatically turned on again after a user has been removed from all protected groups, so protecting an account that doesn't need it anymore. The second article has a script to correct that.

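The answers above trace the reverted permissions to protected-group (AdminSDHolder) handling that can persist after a user has left such a group. As an added example (not part of the thread and not the script from the linked Microsoft article), this read-only PowerShell audit lists user accounts carrying the `adminCount=1` marker that the AdminSDHolder process sets, whether ACL inheritance is disabled on each, and their direct groups. The function name is hypothetical, and it assumes PowerShell on a domain-joined machine with read access to the directory.

```powershell
# Added example: read-only audit, nothing in the directory is modified.
# Uses the ADSI searcher built into PowerShell, so no AD module is required.

function Get-AdminSDHolderStampedUser {   # hypothetical helper name
    # adminCount=1 is left on objects that the AdminSDHolder process has protected;
    # it is not cleared automatically when the user leaves the protected group.
    $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user)(adminCount=1))'
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('samaccountname', 'memberof', 'distinguishedname'))

    foreach ($result in $searcher.FindAll()) {
        $entry = $result.GetDirectoryEntry()

        # Direct memberships only: nested groups and the primary group
        # (usually Domain Users) do not appear in memberOf.
        $groups = @($result.Properties['memberof'] | ForEach-Object {
            $_ -replace '^CN=(.+?)(?<!\\),.*$', '$1'
        })

        New-Object PSObject -Property @{
            Account             = [string]$result.Properties['samaccountname'][0]
            # True means "inherit permissions from parent" is unticked on the object,
            # which is the state the protected-group handling leaves behind.
            InheritanceDisabled = $entry.psbase.ObjectSecurity.AreAccessRulesProtected
            DirectGroups        = $groups -join '; '
            DistinguishedName   = [string]$result.Properties['distinguishedname'][0]
        }
    }
}

Get-AdminSDHolderStampedUser |
    Sort-Object Account |
    Format-Table Account, InheritanceDisabled, DirectGroups -AutoSize
```

An account that shows `InheritanceDisabled` as True while none of its groups is a protected one is a candidate for the leftover-protection case described in the second article.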