DS Rights 1

0 Likes

DSRights is a utility that displays the Directory Services rights one object has to another and how the rights were derived from the tree.

Installation Instructions

Copy DSRIGHTS.EXE to the SYS:\PUBLIC directory on your server.

Usage

DSRights <object A><object B>

This displays a flow diagram of Object A and its equivalents with their rights to Object B. It shows Object, All Property, and Selected Property rights.

Usage

DSRights <object A><object B>

This displays a flow diagram of Object A and its equivalents with their rights to Object B. It shows Object, All Property, and Selected Property rights.

Issue

DSRights has not been tested in non-English languages.

Frequently Asked Questions:

Q: What rights do I need in the tree to run DSRights?
A: You must have rights to read
     1) The ACL property for Object B and its parents including [Root]
     2) The Security Equivalent property for Object A.

Q: Why are some rights displayed in upper case and some in lower case?
A: Some explicit rights imply other rights. Here are some examples:
     1) Object [S----] implies Object [Sbwrc],
          All Property [scrwa],
          Selected Property [scrwa].
     2) All Property [---W-] implies All Property [---Wa]
          All Property [--R-- ] implies All Property [-cR--]
     3) Selected Property [---W-] implies Selected Property [---Wa]
          Selected Property [--R-- ] implies Selected Property [-cR--]

The uppercase letters show explicit rights given while the lowercase letters show that a right is in effect or implied.

Q: Why are Selected properties only displayed relative to object B?
A: Object and All Property rights can be inherited, but Selected Property rights cannot. Therefore, the only Selected Property rights that object A has to object B are those rights that object A (or its equivalents) is explicitly given to object B.

Q: Why does this utility show equivalences of object A that are not shown as Security Equivalents in NetAdmin or NWAdmin?
A: By default, All objects are security equivalent to 1) [Public], 2) all of its parents including [Root]. For example, for an object whose full name is LMinser.eng.newyork.acme , we see that LMinser is a security equivalent to [Public], eng, newyourk, acme, and [Root]. The significance of this it that these equivalents are NOT inherited, and therefore, CANNOT be blocked by an inherited rights filter.

Tags:

Labels:

Collateral
Comment List
Anonymous
Related Discussions
Recommended