Inheritance of ACL is randomly set on new user accounts

Inheritance of ACL is randomly set on new user accounts

Post by Dmitry Kor » Thu, 28 Aug 2003 23:20:28


This is a multi-part message in MIME format.



W2k native mode forest.

Some newly-created user accounts have security permissions inheritance flag set (ie they inherit settings from parent container hierarchy). At the same time, other user accounts do not have this flag set, even if created in the very same OU (and no top-level security setting have been changed meanwhile), do not have inheritance set. So far we found no corellation between such behavior and other factors such as who, when, and using which dc creates user account. This is very weird and definitely not a normal behavior.

--
Dmitry Korolyov,
XXXX@XXXXX.COM
To e-mail me, remove "nospamformorons".

--
Dmitry Korolyov,
XXXX@XXXXX.COM
To e-mail me, remove "nospamformorons".
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=koi8-r">
<META content="MSHTML 6.00.3790.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>W2k native mode forest.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Some newly-created user accounts have security
permissions inheritance flag set (ie they inherit settings from parent container
hierarchy). At the same time, other user accounts do not have this flag set,
even if created in the very same OU (and no top-level security setting have been
changed meanwhile), do not have inheritance set. So far we found no corellation
between such behavior and other factors such as who, when, and using which dc
creates user account. This is very weird and definitely not a normal
behavior.</FONT></DIV>
<DIV><FONT face=Arial size=2><BR>-- <BR>Dmitry Korolyov,<BR><A
href="mailto: XXXX@XXXXX.COM "> XXXX@XXXXX.COM </A><BR>To
e-mail me, remove "nospamformorons".</FONT></DIV><BR>-- <BR>Dmitry
Korolyov,<BR><A
href="mailto: XXXX@XXXXX.COM "> XXXX@XXXXX.COM </A><BR>To
e-mail me, remove "nospamformorons".</FONT></DIV></BODY></HTML>