OU to Hide Objects?
| Tech Ranger 2003-07-13, 1:01 am |
| Can someone please explain what an OU to hide objects is and exactly how it is done. According to MS Press, OUs are made for 3 possible reasons and one of them is to hide objects. | |
| Tarzanboy 2003-07-13, 3:58 pm |
| You would do it to prevent someone from accessing specific resources. IIRC you can set this up by using the Delegation of Control wizard to allow List Contents to the user or group you want to have access to see the items.
A primary example of this would be if you wanted to limit access to the HR or Accounting printers. By placing them inside of their own OU you can further limit the access to these printers by preventing them from becoming visible in AD.
Cheers,
TB | |
| Tech Ranger 2003-07-13, 6:24 pm |
| So, when we say hide we mean hide in terms of searching the global catalogue? If you don't search through AD, but go through My Network Places, or use UNC names in the run dialog box, these resources wouldn't necessarily be hidden, am I correct? | |
| Tarzanboy 2003-07-13, 8:59 pm |
| I believe that, and feel free to correct me if I am incorrect, it only affects LDAP queries (GC and AD). There are other means in use with controlling visibility and access. Perhaps it is a bit vague and a bit of security by obscurity, but it's there.
* GPO is/can be used to limit access to Network Neighborhood, which ties into the next point.
* Shares and resources can be hidden from NBT queries with a $.
* Since neither this nor the previous point address a DNS request, an object can be kept from registering in a DNS server outside of the OU.
* Should the person request an IP, access to a resource can be refused based on ACL.
Cheers,
TB |
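A way to check whether an OU is hidden in the sense discussed in this thread, as an added example that is not part of the original posts: the PowerShell below reports every ACE on an OU whose rights include List Contents, and flags broad groups that still hold an Allow. It assumes the RSAT ActiveDirectory module is installed; the OU distinguished name and the function name `Get-OuListContentsAce` are placeholders chosen for illustration.

```powershell
# Added example: report which principals hold List Contents on an OU.
# Assumes the RSAT ActiveDirectory module (provides the AD: drive).
Import-Module ActiveDirectory

function Get-OuListContentsAce {
    param(
        [Parameter(Mandatory)] [string] $OuDistinguishedName
    )
    # "List Contents" in the GUI is the ListChildren bit of ActiveDirectoryRights.
    $listChildren = [System.DirectoryServices.ActiveDirectoryRights]::ListChildren
    $acl = Get-Acl -Path ("AD:\" + $OuDistinguishedName)
    foreach ($ace in $acl.Access) {
        # The bitmask test also catches GenericRead and GenericAll, which include ListChildren.
        if (($ace.ActiveDirectoryRights -band $listChildren) -eq $listChildren) {
            [pscustomobject]@{
                Principal = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType   # Allow or Deny
                Inherited = $ace.IsInherited
                Rights    = $ace.ActiveDirectoryRights
            }
        }
    }
}

$ou   = 'OU=HR Printers,DC=example,DC=com'   # placeholder DN, not from the thread
$aces = Get-OuListContentsAce -OuDistinguishedName $ou
$aces | Sort-Object Type, Principal | Format-Table -AutoSize

# Broad groups with an Allow ACE usually mean the OU's children are visible to every user.
$broad = 'NT AUTHORITY\Authenticated Users', 'Everyone',
         'BUILTIN\Pre-Windows 2000 Compatible Access'
$aces | Where-Object { $_.Type -eq 'Allow' -and $_.Principal -in $broad } |
    ForEach-Object { Write-Warning "$($_.Principal) holds an Allow ACE for List Contents on $ou" }
```

An Allow reported here can still be overridden by a Deny ACE for the same principal, so read the Allow and Deny rows together. As the thread notes, this only governs LDAP visibility; access to the resource itself is controlled by its own ACL.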