Restrict NTFS permissions list

  • Thread starter Thread starter Morten
  • Start date Start date
M

Morten

Hi!

I'm trying to find a way to let users in a specific OU administer NTFS
permissions on a specific server. We have an AD containing multiple
organizations. One of these organizations have a number of servers which are
part of the domain. When permissions are set on files and folders the groups
and users of all organizations are viewable. Is there a group policy or AD
permission that will allow me to limit the list of users/groups to only
contain objects from one OU?

Help is highly appreciated

Morten

PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
question.
 
Morten said:
Hi!

I'm trying to find a way to let users in a specific OU administer NTFS
permissions on a specific server. We have an AD containing multiple
organizations. One of these organizations have a number of servers which
are part of the domain. When permissions are set on files and folders the
groups and users of all organizations are viewable. Is there a group
policy or AD permission that will allow me to limit the list of
users/groups to only contain objects from one OU?

Help is highly appreciated

Morten

PS: Sorry that I'm cross-posting but I'm not sure where I should ask this
question.

No.
The object picker used to set NTFS permissions see all usable objects.
 
Not in Windows 2000 unfortunately. With Windows 2003 it is possible to
create "forest" trusts that can use selective authentication and the allow
to authenticate permission to limit what groups can authenticate to a
computer or domain. You may be a long way from using all Windows 2003 domain
controllers and separate forests but I though I would mention that it has a
capability similar to what you are looking for. --- Steve
 
Back
Top