Prevent Domain Users from Browsing Active Directory OUs

[Ehab]

Hi
Is there anyway to to prevent domain users from viewing and browsing
active directory icon located in My network places.

by default all domain users can access it and see all the OUs and
users in active directory.

please help me

 

[Rob Elder MVP-Networking]

Removing the Read permission on the AD object will prevent browsing. Buy
why? One of the features of AD is to allow users to find users, printers,
shared folders.

 

[Ehab]

Because i work in a university and i dont want students to have access
to computer names and user accounts for staff and etc....
it can cause many problems if misused.

the questions is: is removing the read access from all OU's including
the container of the users. is this going to affect in anythig
like authentication, password reset, connectivity with domain, LDAP
requests. etc.....

i am afraid it would stop some domain services from be provided to
domain users if they dont have read access to the location of their
accounts..

Thanks and Regards,