• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1016
  • Last Modified:

Disable drag and drop for ADUC Server 2008

Hi all, i know there is a hot fix for this for 2003, but how do you disable this for 2008 + R2

thanks
0
cwstad2
Asked:
cwstad2
  • 3
  • 3
1 Solution
 
DeleteCommented:
What exactly are you trying to prevent?

Are you talking about disabling drag and drop within ADUC?  If so then in ADUC go to View and turn on Advanced Features.  Once that is on then you can select an object in ADUC and go into it's properties, then go to the Object tab and check the "Protect object from accidental deletion" check box.

If you want to do it across all objects in your Active Directory then that can be done using PowerShell.  Example: Get-ADobject -Filter * -SearchBase “OU=Users,DC=Domain,DC=com” | Set-adobject -ProtectedFromAccidentalDeletion $true
0
 
cwstad2Author Commented:
Thanks yes, some are not protected. Is there a script to find out which ones arent. Also can you stop the objects being drag and dropped?
0
 
DeleteCommented:
Verify
Get-ADObject -Filter * -Properties * | where {$_.ProtectedFromAccidentalDeletion -eq $false} | select name, objectclass, ProtectedFromAccidentalDeletion

Open in new window


Change (Depending on what you want to change here is one for OU's, Users, Groups, and Computers)
Get-ADObject -filter {(ObjectClass -eq "user")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADObject -filter {(ObjectClass -eq "group")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADObject -filter {(ObjectClass -eq "computer")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window


Get-ADOrganizationalUnit -filter * | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Open in new window



If the Protecte object from accidental deletion box is checked you cannot drag and drop the object as you will get an Access Denied message.  If a user has the proper permissions they can always uncheck this box and the drag and drop the object, however you can restrict permissions to prevent certain users from doing this.  See this article: http://blogs.technet.com/b/abizerh/archive/2009/06/09/preventing-unwanted-accidental-deletions-and-restore-deleted-objects-in-active-directory.aspx

Remember with this box checked you can't delete or move that object until the box is cleared or the permissions modified.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
cwstad2Author Commented:
Excellent information thanks. Is it possible to stop computers and users and groups from being dragged and dropped?
0
 
DeleteCommented:
Both of my previous suggestions will work for all AD objects to include users, groups and computers.

The easiest way is to run the PowerShell commands I provided for each object to check the Protect object from accidental deletion.  Then users will not be able to drag and drop any of those objects without first unchecking that box.

If you don't even want users to be able to uncheck the box then you will need to delegate out the proper permissions as discussed in that link that I provided to block the users you don't want to have that access.  However, you don't want to block all users as your Domain Admins should still retain the permissions to check/uncheck the Protect objects from accidental deletion box.
0
 
cwstad2Author Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now