all extended rights permission -alternative

amitay 1 Reputation point

We want to limit users in viewing passwords only to their workstation, we saw that we should give them:

All extended rights

We want to know if there is a possibility to "chunk" All extended rights
and provide other more limited privileges.
I didn't find anything similar online, is there such a possibility?
to be more clear, we dont want to give them " All extended rights" we want to give the less permission.
what can we do?

Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
2,128 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,300 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Gary Reynolds 8,931 Reputation points

    Hi @amitay

    Read this section of this article which example how to limit the permissions that granted to be able to read a confidential attribute. You can either assign the permission at the ou level with a single group or manually assign the user specific rights to their workstation object.


    0 comments No comments