Welcome to TechNet Blogs Sign in | Join | Help
Question of the Day - AdminSDHolder

Which is the purpose of the AdminSDHolder object?

  1. Ensures that the objects like groups and users, to which applies administratives roles (those assigned through task delegation), have no more than the necessary permissions over accounts and protected groups.
  2. Prevents rights elevation over accounts and protected groups.
  3. Maintains the integrity of the permissions applied when delegating a specific tasks.
  4. 1 and 2.
  5. There is no such object.

I will publish the answer in the next days.

Regards.

Marcelo.

Posted: Monday, January 05, 2009 10:44 PM by Marcelo P. di Iorio

Comments

tony said:

my only question is why the heck did u add printer operators as a protected group?

# January 7, 2009 12:47 AM

Marcelo P. di Iorio said:

Like many other groups, the idea of being protected is to prevent rights elevation.

Just imagine a group membership administrator adding himself as Print Operator.

Thanks for your comment.

Have a nice day!

# January 7, 2009 7:05 AM

tony said:

well if you give the farm away you've given the farm away!  If you have this group member admin doing things like this then what prevents them from altering more important groups, I'd hope acls on the important group objects and ou's, thus the group member admin could maintain his list of groups but not others!

# January 7, 2009 5:19 PM

Marcelo P. di Iorio said:

The right options are 1 and 2, or 4.

# January 23, 2009 12:47 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

  
Enter Code Here: Required

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker