Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Disable drag and drop for ADUC Server 2008

Posted on 2014-04-25
6
Medium Priority
?
919 Views
Last Modified: 2014-04-26
Hi all, i know there is a hot fix for this for 2003, but how do you disable this for 2008 + R2

thanks
0
Comment
Question by:cwstad2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 7

Expert Comment

by:Delete
ID: 40024214
What exactly are you trying to prevent?

Are you talking about disabling drag and drop within ADUC?  If so then in ADUC go to View and turn on Advanced Features.  Once that is on then you can select an object in ADUC and go into it's properties, then go to the Object tab and check the "Protect object from accidental deletion" check box.

If you want to do it across all objects in your Active Directory then that can be done using PowerShell.  Example: Get-ADobject -Filter * -SearchBase “OU=Users,DC=Domain,DC=com” | Set-adobject -ProtectedFromAccidentalDeletion $true
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40024225
Thanks yes, some are not protected. Is there a script to find out which ones arent. Also can you stop the objects being drag and dropped?
0
 
LVL 7

Accepted Solution

by:
Delete earned 2000 total points
ID: 40024271
Verify
Get-ADObject -Filter * -Properties * | where {$_.ProtectedFromAccidentalDeletion -eq $false} | select name, objectclass, ProtectedFromAccidentalDeletion

Open in new window


Change (Depending on what you want to change here is one for OU's, Users, Groups, and Computers)
Get-ADObject -filter {(ObjectClass -eq "user")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADObject -filter {(ObjectClass -eq "group")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADObject -filter {(ObjectClass -eq "computer")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADOrganizationalUnit -filter * | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window



If the Protecte object from accidental deletion box is checked you cannot drag and drop the object as you will get an Access Denied message.  If a user has the proper permissions they can always uncheck this box and the drag and drop the object, however you can restrict permissions to prevent certain users from doing this.  See this article: http://blogs.technet.com/b/abizerh/archive/2009/06/09/preventing-unwanted-accidental-deletions-and-restore-deleted-objects-in-active-directory.aspx

Remember with this box checked you can't delete or move that object until the box is cleared or the permissions modified.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 15

Author Comment

by:cwstad2
ID: 40024597
Excellent information thanks. Is it possible to stop computers and users and groups from being dragged and dropped?
0
 
LVL 7

Expert Comment

by:Delete
ID: 40024617
Both of my previous suggestions will work for all AD objects to include users, groups and computers.

The easiest way is to run the PowerShell commands I provided for each object to check the Protect object from accidental deletion.  Then users will not be able to drag and drop any of those objects without first unchecking that box.

If you don't even want users to be able to uncheck the box then you will need to delegate out the proper permissions as discussed in that link that I provided to block the users you don't want to have that access.  However, you don't want to block all users as your Domain Admins should still retain the permissions to check/uncheck the Protect objects from accidental deletion box.
0
 
LVL 15

Author Closing Comment

by:cwstad2
ID: 40024673
thanks
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question