Recipe 14.11 Changing the Default ACL for an Object Class in the Schema
14.11.1 Problem
You want to change the default ACL for an object class in the schema.
14.11.2 Solution
14.11.2.1 Using a graphical user interface
Open the Active Directory Schema snap-in. In the left pane, browse to the class you want to modify. Right-click on it and select Properties. Select the Default Security tab. Use the ACL Editor to change the ACL. Click OK.
|
The Default Security tab is available only in the Windows Server 2003
version of the Active Directory Schema snap-in. See MS KB 265399 for
the manual approach that is needed with Windows 2000.
|
|
14.11.3 Discussion
Each instantiated object in Active Directory has an associated
structural class that defines a default security descriptor
(defaultSecurityDescriptor attribute).
When an object is created, the default security descriptor is applied
to it. This, along with inheritable permissions from the parent
container, determines how an object's security
descriptor is initially defined.
14.11.4 See Also
Recipe 14.12 for comparing the ACL of an
object to the default defined in the schema, Recipe 14.13 for resetting the ACL of an object to that
defined in the schema, and MS KB 265399 (HOW TO: Change Default
Permissions for Objects That Are Created in the Active Directory)
|