Denying users not to browse AD users and Computers

[nwtest]

By default authenticated users can install AdminPak on
thier machine(assume they have rights to install programs)
and they will have Active Directory USers and Computers
MMC, Active directory Sites and Services, DNS etc etc.
How can I prevent them from seeing this AD USers and
Computers objects and no browsing?

Does it make sense for them to browse the AD content..

 

[Herb Martin]

By default authenticated users can install AdminPak on
thier machine(assume they have rights to install programs)
and they will have Active Directory USers and Computers
MMC, Active directory Sites and Services, DNS etc etc.
How can I prevent them from seeing this AD USers and
Computers objects and no browsing?

Permissions -- remove the "Read ALL" or whatever is allowing them
to access such things.

Does it make sense for them to browse the AD content..

Only you (and your management) can decide if this makes sense --
for some companies it does.