Solved

Disable drag and drop for ADUC Server 2008

Posted on 2014-04-25
6
868 Views
Last Modified: 2014-04-26
Hi all, i know there is a hot fix for this for 2003, but how do you disable this for 2008 + R2

thanks
0
Comment
Question by:cwstad2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 7

Expert Comment

by:Delete
ID: 40024214
What exactly are you trying to prevent?

Are you talking about disabling drag and drop within ADUC?  If so then in ADUC go to View and turn on Advanced Features.  Once that is on then you can select an object in ADUC and go into it's properties, then go to the Object tab and check the "Protect object from accidental deletion" check box.

If you want to do it across all objects in your Active Directory then that can be done using PowerShell.  Example: Get-ADobject -Filter * -SearchBase “OU=Users,DC=Domain,DC=com” | Set-adobject -ProtectedFromAccidentalDeletion $true
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40024225
Thanks yes, some are not protected. Is there a script to find out which ones arent. Also can you stop the objects being drag and dropped?
0
 
LVL 7

Accepted Solution

by:
Delete earned 500 total points
ID: 40024271
Verify
Get-ADObject -Filter * -Properties * | where {$_.ProtectedFromAccidentalDeletion -eq $false} | select name, objectclass, ProtectedFromAccidentalDeletion

Open in new window


Change (Depending on what you want to change here is one for OU's, Users, Groups, and Computers)
Get-ADObject -filter {(ObjectClass -eq "user")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADObject -filter {(ObjectClass -eq "group")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADObject -filter {(ObjectClass -eq "computer")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADOrganizationalUnit -filter * | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window



If the Protecte object from accidental deletion box is checked you cannot drag and drop the object as you will get an Access Denied message.  If a user has the proper permissions they can always uncheck this box and the drag and drop the object, however you can restrict permissions to prevent certain users from doing this.  See this article: http://blogs.technet.com/b/abizerh/archive/2009/06/09/preventing-unwanted-accidental-deletions-and-restore-deleted-objects-in-active-directory.aspx

Remember with this box checked you can't delete or move that object until the box is cleared or the permissions modified.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 15

Author Comment

by:cwstad2
ID: 40024597
Excellent information thanks. Is it possible to stop computers and users and groups from being dragged and dropped?
0
 
LVL 7

Expert Comment

by:Delete
ID: 40024617
Both of my previous suggestions will work for all AD objects to include users, groups and computers.

The easiest way is to run the PowerShell commands I provided for each object to check the Protect object from accidental deletion.  Then users will not be able to drag and drop any of those objects without first unchecking that box.

If you don't even want users to be able to uncheck the box then you will need to delegate out the proper permissions as discussed in that link that I provided to block the users you don't want to have that access.  However, you don't want to block all users as your Domain Admins should still retain the permissions to check/uncheck the Protect objects from accidental deletion box.
0
 
LVL 15

Author Closing Comment

by:cwstad2
ID: 40024673
thanks
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question