In Microsoft Windows 2000, administrators can apply access control permissions to Active Directory objects. Administrators can also apply access control permissions to properties of a specific Active Directory object. This functionality provides the administrator detailed control over what users can do in their environment.
- Log on to a domain controller with an account that is in the Domain Administrators group.
- Run the "Active Directory Users and Computers" Microsoft Management Console (MMC) snap-in.
- On the View menu, click Advanced Features.
- In the Active Directory tree, click a specific object for which you want to modify the access control permissions that apply to a specific property. In this example, click a specific user object.
- Right-click on the user, and then click Properties.
- In the Properties dialog box, click the Security tab.
- On the Security tab, click Advanced. This opens the Access Control Settings for Username dialog box.
- In this dialog box, you see all of the permission entries that exist for this object. If you see a permission entry for which you want to add a property Access Control Entry (ACE), click Edit for the specific permission entry. Otherwise, click Add to add a new permissions entry to the Access Control List (ACL).
- Clicking Edit or Add opens the Permission Entry for Username dialog box. There are two tabs, Object and Properties. Click the Properties tab to see the properties for the object on which you can set access control permissions.
- On this tab you can set either Allow or Deny access control entries to be applied to the specific user. You can set detailed levels of permissions, such as setting permissions on items such as Read ZIP/Postal Code and Write Phone and Mail Options.
ID članka: 218596 - posljednja izmjena: 30. lis 2006. - verzija: 1