pharaoh fortune slot
ExamNotes.net
Welcome, Guest. Please login or register.
November 22, 2017, 05:16:55 AM

Login with username, password and session length
* Home Help Search Login Register
+  ExamNotes.net
|-+  Microsoft (MCSE, MCSD, MOUS, MCAD)
| |-+  MCSE elective exams
| | |-+  70-219
| | | |-+  OU to Hide Objects?
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Print
Author Topic: OU to Hide Objects?  (Read 1161 times)
Tech Ranger
On A Mission
Hero Member
*****
Offline Offline

Posts: 5309

2


View Profile
« on: July 13, 2003, 02:01:16 AM »

Can someone please explain what an OU to hide objects is and exactly how it is done.  According to MS Press, OUs are made for 3 possible reasons and one of them is to hide objects.
Logged

The Computer is a creation of man.  Man is a creation of God! -  
Joe from Brooklyn
Tarzanboy
Senior Member
Hero Member
*****
Offline Offline

Posts: 1013

0


View Profile
« Reply #1 on: July 13, 2003, 04:58:41 PM »

You would do it to prevent someone from accessing specific resources. IIRC you can set this up by using the Delegation of Control wizard to allow List Contents to the user or group you want to be access to see the items.

A primary example of this would be if you wanted to limit access to the HR or Accounting printers. By placing them inside of their own OU you can further limit the access to these printers by preventing them from becoming visible in AD.

Cheers,
TB
Logged
Tech Ranger
On A Mission
Hero Member
*****
Offline Offline

Posts: 5309

2


View Profile
« Reply #2 on: July 13, 2003, 07:24:51 PM »

So, when we say hide we mean hide in terms of searching the global catalogue?  If you don't search through AD, but go through My Network Places, or use UNC names in the run dialog box, these resources wouldn't neccessarily be hidden, am I correct?
Logged

The Computer is a creation of man.  Man is a creation of God! -  
Joe from Brooklyn
Tarzanboy
Senior Member
Hero Member
*****
Offline Offline

Posts: 1013

0


View Profile
« Reply #3 on: July 13, 2003, 09:59:50 PM »

I believe that, and feel free to correct me if I am incorrect, it only affects LDAP queries (GC and AD). There are other means in use with controlling visibility and access. Perhaps it is a bit vague and a bit of security by obscurity, but it's there.

* GPO is/can be used to limit access to Network Neighborhood, which ties into the next point.
* Shares and resources can be hidden from NBT queries with a $.
* Since neither this nor the previous point address a DNS request, an object can be kept from registering in a DNS server outside of the OU.
* Should the person request an IP, access to a resource can be refused based on ACL.  

Cheers,
TB
Logged
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.13 | SMF © 2006-2011, Simple Machines LLC Valid XHTML 1.0! Valid CSS!