Archive for category MS Active Directory

Group Policy useful links

Leave a comment

Inheritance is automatically disabled on some user accounts approximately one time an hour

The following list describes the protected groups in Windows Server 2003:

  • Administrators
  • Account Operators
  • Server Operators
  • Print Operators
  • Backup Operators
  • Domain Admins
  • Schema Admins
  • Enterprise Admins
  • Cert Publishers

Protected groups are defined by the operating system and cannot be unprotected. Members of protected group become protected. The result of protection is that the permissions (ACLs) of members are modified so that they no longer inherit permissions from their OU but, rather, receive a copy of an ACL that is quite restrictive.

Additional information: http://support.microsoft.com/kb/817433

Recommendation: follow best practice – use a separate account for administrative tasks.

Leave a comment

Useful MS Active Directory links

Leave a comment