Solved

can I revert permissions for "self" account in Active Directory?

Posted on 2010-11-12
6
540 Views
Last Modified: 2012-05-10
I was trying to change the permissions so that users could edit all the settings in galmod32 and used the Delegate Control wizard to add permissions.  After "adding" these permissions, now the users can't even change the attributes they were able to before.  I also think that I applied the changes to the entire directory, not just a particular OU.  Is there a way to make the permissions for "self" go back to what they were by default?
0
Comment
Question by:hawthornedirect
  • 4
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 34123991
Please try dsacls command line tool available in Windoes support tool to get back the defalut permissions in AD

dsacls DC=Domain,DC=Com /S /T..

Try do it with objects rathwer than doing it on complete domain

like dsacls ou=*****, DC=Domain,DC=Com /S /T..


Please refer this link too

http://www.enterprisenetworkingplanet.com/netos/article.php/623801/Active-Directory-Modifying-Default-Permissions.htm
0
 

Author Comment

by:hawthornedirect
ID: 34124135
I definitely learned my lesson not to apply the untried to the entire domain.

I'm not familiar with the dsacls command.  I will look on my own, but can you tell me the syntax to revert the permissions for "self" back to what they were?  I'm also puzzled as to why granting permissions didn't seem to work, but for right now I'd be happy to have back what we had.
0
 

Author Comment

by:hawthornedirect
ID: 34124206
If I go to Properties for the domain and select the Security tab, I can look at the security setting for "Self" in there.  In Advanced there is an option to replace the permission entries with the default settings.  Would this take us back to where we were?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 6

Accepted Solution

by:
Vipin Vasudevan earned 500 total points
ID: 34124286
I prefer you to DSACLS, which will get you back to the default permissions. Make sure that you dont have any other sec settings  changed and inplace.  

Syntax as shown above

dsacls DC=Domain,DC=Com /S /T {it is for domain.com.. if you have child.acme.net, it is dsacls DC=child,DC=acme.dc=net /S /T }  

Please try it in one OU and carryout for domain like dsacls OU=sales,DC=child,DC=acme,dc=net /S /T
0
 

Author Comment

by:hawthornedirect
ID: 34125070
I ran the command against an OU to test it and it seemed to correct everything just fine.  I ran it against the rest of the domain next.  It appeared to work alright, but I got two unsettling messages "Cannot remove the folder" and "The command completed unsuccessfully."  On the other hand everything seemed to be back to normal when I tested it with galmod32.

There seemed to be a momentary glitch later on when I couldn't connect to the Exchange server and Activesync for Exchange on my phone quit working, but then in a few minutes it was working again.

Thoughts?
0
 

Author Comment

by:hawthornedirect
ID: 34125077
I have a backup of the domain controller from last night, so I've saved it in two different places just in case this blows up in my face.  Thanks so much for your help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now