What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI
COURSE of the MONTH
15 days, 6 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
can I revert permissions for "self" account in Active Directory?
Posted on 2010-11-12
I was trying to change the permissions so that users could edit all the settings in galmod32 and used the Delegate Control wizard to add permissions. After "adding" these permissions, now the users can't even change the attributes they were able to before. I also think that I applied the changes to the entire directory, not just a particular OU. Is there a way to make the permissions for "self" go back to what they were by default?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
6 Comments
Please try dsacls command line tool available in Windoes support tool to get back the defalut permissions in AD
dsacls DC=Domain,DC=Com /S /T..
Try do it with objects rathwer than doing it on complete domain
like dsacls ou=*****, DC=Domain,DC=Com /S /T..
Please refer this link too
http://www.enterprisenetworkingplanet.com/netos/article.php/623801/Active-Directory-Modifying-Default-Permissions.htm
dsacls DC=Domain,DC=Com /S /T..
Try do it with objects rathwer than doing it on complete domain
like dsacls ou=*****, DC=Domain,DC=Com /S /T..
Please refer this link too
http://www.enterprisenetworkingplanet.com/netos/article.php/623801/Active-Directory-Modifying-Default-Permissions.htm
I definitely learned my lesson not to apply the untried to the entire domain.
I'm not familiar with the dsacls command. I will look on my own, but can you tell me the syntax to revert the permissions for "self" back to what they were? I'm also puzzled as to why granting permissions didn't seem to work, but for right now I'd be happy to have back what we had.
I'm not familiar with the dsacls command. I will look on my own, but can you tell me the syntax to revert the permissions for "self" back to what they were? I'm also puzzled as to why granting permissions didn't seem to work, but for right now I'd be happy to have back what we had.
If I go to Properties for the domain and select the Security tab, I can look at the security setting for "Self" in there. In Advanced there is an option to replace the permission entries with the default settings. Would this take us back to where we were?
I prefer you to DSACLS, which will get you back to the default permissions. Make sure that you dont have any other sec settings changed and inplace.
Syntax as shown above
dsacls DC=Domain,DC=Com /S /T {it is for domain.com.. if you have child.acme.net, it is dsacls DC=child,DC=acme.dc=net /S /T }
Please try it in one OU and carryout for domain like dsacls OU=sales,DC=child,DC=acme,
Syntax as shown above
dsacls DC=Domain,DC=Com /S /T {it is for domain.com.. if you have child.acme.net, it is dsacls DC=child,DC=acme.dc=net /S /T }
Please try it in one OU and carryout for domain like dsacls OU=sales,DC=child,DC=acme,
I ran the command against an OU to test it and it seemed to correct everything just fine. I ran it against the rest of the domain next. It appeared to work alright, but I got two unsettling messages "Cannot remove the folder" and "The command completed unsuccessfully." On the other hand everything seemed to be back to normal when I tested it with galmod32.
There seemed to be a momentary glitch later on when I couldn't connect to the Exchange server and Activesync for Exchange on my phone quit working, but then in a few minutes it was working again.
Thoughts?
There seemed to be a momentary glitch later on when I couldn't connect to the Exchange server and Activesync for Exchange on my phone quit working, but then in a few minutes it was working again.
Thoughts?
Featured Post
ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.
One of a set of tools we're offering as a way to say thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
by Batuhan Cetin
In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment.
These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month15 days, 6 hours left to enroll
771 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.