DSSEC.DAT file

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I need to delegate some AD permissions for which an entry does not exist
within the dssec.dat file. For example I want to prevent the "Smart card is
required for interactive logon" attribute being changed, and I would like to
hide the sessions tab, among other things. I gather to access these things we
can manually enter extra lines in dssec.dat.

Does anyone know where I can find the dssec syntax for all the available
attrubites?

Regards,
Phil.
 
I need to delegate some AD permissions for which an entry does
not exist
within the dssec.dat file. For example I want to prevent the
"Smart card is
required for interactive logon" attribute being changed, and I
would like to
hide the sessions tab, among other things. I gather to access
these things we
can manually enter extra lines in dssec.dat.

Does anyone know where I can find the dssec syntax for all the
available
attrubites?

Regards,
Phil.
Click to expand...

see: http://www.dx21.com/SCRIPTING/ADSI/ADGUI/USER3.ASP

"Smart card is required for interactive logon" is represented by a bit
of the useraccountcontrol attribute. So to delegate what you want you
need to delegate to the useraccountcontrol attribute. The problem with
this is you automatically delegate to the OTHER bits in the
useraccountcontrol attribute like disabling accounts, etc.
 
That is exactly the peoblem I have. I need to delegate some things contaioned
within useraccountcontrol but not others. I believe there is a way of tying
it down to individual attributes.
 
Nope.

You would need to build your own little system to proxy the changes. People
would for instance auth to a web site which says which bits each individual is
able to update and then they can ask the web site to update on their behalf.
 
OK. Thanks for your help guys.

Regards,
Phil.

Joe Richards said:
Nope.

You would need to build your own little system to proxy the changes. People
would for instance auth to a web site which says which bits each individual is
able to update and then they can ask the web site to update on their behalf.
Click to expand...
 
Back
Top