Prevent Domain Users from Browsing Active Directory OUs

  • Thread starter Thread starter Ehab
  • Start date Start date
E

Ehab

Hi
Is there anyway to to prevent domain users from viewing and browsing
active directory icon located in My network places.

by default all domain users can access it and see all the OUs and
users in active directory.

please help me.
 
If you want to restrict users from browsing, then you will have to remove
their Read and List Contents permission to appropriate OUs. However, you can
just remove the "Directory" folder from my network places using the
following GPO setting:

User Configuration\Administrative Templates\Desktop\Active Directory, "Hide
active directory folder"

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Active Directory


Hi
Is there anyway to to prevent domain users from viewing and browsing
active directory icon located in My network places.

by default all domain users can access it and see all the OUs and
users in active directory.

please help me.
 
Hi
Is there anyway to to prevent domain users from viewing and browsing
active directory icon located in My network places.

by default all domain users can access it and see all the OUs and
users in active directory.

please help me.
Click to expand...

The Hide Active Directory folder policy (User
Configuration\AdministrativeTemplates\Desktop\Active Directory) hides the Active
Directory folder in My Network Places
See tip 3275 in the 'Tips & Tricks' at http://www.jsiinc.com


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
Hi Dimka :

----- Dmitry Korolyov [MVP] wrote: ----

If you want to restrict users from browsing, then you will have to remov
their Read and List Contents permission to appropriate OUs. However, you ca
just remove the "Directory" folder from my network places using th
following GPO setting

User Configuration\Administrative Templates\Desktop\Active Directory, "Hid
active directory folder

--
Dmitry Korolyov [[email protected]
MVP: Windows Server - Active Director


H
Is there anyway to to prevent domain users from viewing and browsin
active directory icon located in My network places

by default all domain users can access it and see all the OUs an
users in active directory

please help me
 
the whole thing is because i work in a university and i dont want
students to have access to computer names and user accounts for staff
and etc....
it can cause many problems if misused.

the questions is: is removing the read access from all OU's including
the container of the users. is this going to affect in anythig
like authentication, password reset, connectivity with domain, LDAP
requests. etc.....

i am afraid it would stop some domain services from be provided to
domain users if they dont have read access to the location of their
accounts..

Thanks and Regards,
 
Back
Top