removing-write-all-properties-from-ou-security-permissions

Daisy Zhou 18,701 Reputation points Microsoft Vendor
2020-07-15T05:20:44.267+00:00

Hi all
I faced an issue recently which the Domain users on my domain can delete, enable and disable other users when I investigated the issue I found that the authenticated users group on the targeted OU had the following permission:
1: List all content
2:read all properties
3:write all properties
4: read permissions
5: Delete
when I deleted "delete" permission I prevented the domain users from deleted each others but when I tried to delete the "write all properties" I failed as check box recheck itself every time I remove it

Source link:
https://social.technet.microsoft.com/Forums/en-US/c5b7556c-a35f-4382-817b-611f154f6dcc/removing-write-all-properties-from-ou-security-permissions?forum=winserverDS

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,851 questions
0 comments
Accepted answer
  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2020-07-15T05:43:04.84+00:00

    Hi,

    Thanks for posting here!

    I did a test in my lab, an found that ,if i delete the write all permission only, it will recheck itself every time.
    Then i tried to clear all the permission as the screenshot showing :

    12288-7155.jpg

    and then give them the following permission needed, the write all permission will never come back.

    1: List all content

    2:read all properties

    3:read permissions

    Best Regards,

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest