Re: User Account - Security Properties

So you are showing all of the member in the right pane? You select all of them but security is greyed out?
Can you select properties?

Couple of things come to mind. If you have just one object in the select that is different (like 499 user & 1 computer) Things will be greyed out as you haven't selected all of the same thing. Also, users who belong to things like account operators or above, usualy there account is set not to inherit rights. I would assume that you want these users to inherit rights in AD. So if you can select properties. You should be able to make modifications via active directory. You will need to find the exact attribute that you need to modify in order to do this.

[This message has been edited by Trammel (edited 07-10-2006).]

Re: User Account - Security Properties

Even when I select two users the option needed is grayed out.

Re: User Account - Security Properties

The Security Properties option uses a Microsoft mechanism to display the security information; this action is not performed by Hyena. Multi-selection is not supported, as Microsoft has not provide a way to display or update the security information for multiple objects.

The only way that you could perform a multi-object update would be to use either a Microsoft utility to do that or another 3rd party security management tool (I don't know of anything off hand), or some sort of scripting tool that allowed manipulation of the security descriptor.

Re: User Account - Security Properties

Bummer...

Do you know of an MS utilitiy that would do this?

I really don't want to burn an MS inccident

Re: User Account - Security Properties

No, I don't know of any, but there should be something in the 2,000+ Resource Kit utilities to do this.

Re: User Account - Security Properties

I have already tried the Resource Kit and Support Tools. The only utility they have is to edit secutiry properties with a command line. This is only for a singl user.

I did run across this script on MS's website:
http://www.microsoft.com/technet/scr.../exrights.mspx

It looks very helpful but I must run the script agains the users who reside in a specific group, not their OU (they are spanned across 60 OU's.

ANy other help would be appreciated!

Re: User Account - Security Properties

If you found a utility that does it for a single user, then you have found a solution. You have to build a batch file with a different command in it for each user, ie:

<program name> /SET /ACCESS:<access right> /USER:<user>

You can use Excel, Access, or Hyena's Tools->Generate Macro option to help build this file.

The .VBS script on Microsoft's site might be modifiable to support a parameter, so that you could pass the username to it also from a batch file, but I don't know enough about VBS to know if this is possible. Should be able to find out with a Google or Microsoft.com search. Or open a Microsoft support case to get you over this part.