Announcement

Collapse
No announcement yet.

User Account - Security Properties

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • User Account - Security Properties

    We have roughly 500 user accounts that belong to a Security Group. Within each of their account properties the "inherit" check box is unchecked within the Advanced section of the Security tab. This is causing a real problem within our organization.

    The accounts are spanned across mutlipule OU's.

    I have pulled up all of the user accounts in the security group by double clicking the "Global Groups" > "Group Name" > "members" But when I right click on all of the accounts the "Security Properties" is grayed out.

    Is there a way to mass select these accounts? Do I really need to change these properties one-by-one?

    Help.



    [This message has been edited by ColbyTrio (edited 07-10-2006).]

  • #2
    Re: User Account - Security Properties

    So you are showing all of the member in the right pane? You select all of them but security is greyed out?
    Can you select properties?

    Couple of things come to mind. If you have just one object in the select that is different (like 499 user & 1 computer) Things will be greyed out as you haven't selected all of the same thing. Also, users who belong to things like account operators or above, usualy there account is set not to inherit rights. I would assume that you want these users to inherit rights in AD. So if you can select properties. You should be able to make modifications via active directory. You will need to find the exact attribute that you need to modify in order to do this.

    [This message has been edited by Trammel (edited 07-10-2006).]

    Comment


    • #3
      Re: User Account - Security Properties

      Even when I select two users the option needed is grayed out.

      Comment


      • #4
        Re: User Account - Security Properties

        The Security Properties option uses a Microsoft mechanism to display the security information; this action is not performed by Hyena. Multi-selection is not supported, as Microsoft has not provide a way to display or update the security information for multiple objects.

        The only way that you could perform a multi-object update would be to use either a Microsoft utility to do that or another 3rd party security management tool (I don't know of anything off hand), or some sort of scripting tool that allowed manipulation of the security descriptor.
        Kevin Stanush
        SystemTools Software Inc.

        Comment


        • #5
          Re: User Account - Security Properties

          Bummer...

          Do you know of an MS utilitiy that would do this?

          I really don't want to burn an MS inccident

          Comment


          • #6
            Re: User Account - Security Properties

            No, I don't know of any, but there should be something in the 2,000+ Resource Kit utilities to do this.
            Kevin Stanush
            SystemTools Software Inc.

            Comment


            • #7
              Re: User Account - Security Properties

              I have already tried the Resource Kit and Support Tools. The only utility they have is to edit secutiry properties with a command line. This is only for a singl user.

              I did run across this script on MS's website:
              http://www.microsoft.com/technet/scr.../exrights.mspx

              It looks very helpful but I must run the script agains the users who reside in a specific group, not their OU (they are spanned across 60 OU's.

              ANy other help would be appreciated!

              Comment


              • #8
                Re: User Account - Security Properties

                If you found a utility that does it for a single user, then you have found a solution. You have to build a batch file with a different command in it for each user, ie:

                <program name> /SET /ACCESS:<access right> /USER:<user>

                You can use Excel, Access, or Hyena's Tools->Generate Macro option to help build this file.

                The .VBS script on Microsoft's site might be modifiable to support a parameter, so that you could pass the username to it also from a batch file, but I don't know enough about VBS to know if this is possible. Should be able to find out with a Google or Microsoft.com search. Or open a Microsoft support case to get you over this part.
                Kevin Stanush
                SystemTools Software Inc.

                Comment

                Working...
                X