| Author |
Message |
marv
Guest
|
 Posted:
Thu Jan 13, 2005 7:01 pm Post subject:
Set DACL on multiple zones? |
|
|
Is there a way to set permissions on multiple zones other than manually go
through the zones one by one?
Anyone got a script maybe?
--
System Technician
AD, DNS, Scripting... |
|
| Back to top |
|
 |
Herb Martin
Guest
|
| Posted:
Thu Jan 13, 2005 7:42 pm Post subject:
Re: Set DACL on multiple zones? |
|
|
"marv" <marv@discussions.microsoft.com> wrote in message
news:401F8DC5-C04B-4664-8C8A-3451307FD02A@microsoft.com...
| Quote: | Is there a way to set permissions on multiple zones other than manually go
through the zones one by one?
Anyone got a script maybe?
|
Where are you trying to do this, in AD or the file
system?
What specifically are you trying to accomplish....
for %a in (*.dns) do cacls %a /e /g who:whatever.... |
|
| Back to top |
|
|
marv
Guest
|
| Posted:
Thu Jan 13, 2005 8:21 pm Post subject:
Re: Set DACL on multiple zones? |
|
|
I´m talking about the AD objects.
I have alot of dns zones and I´m looking for an easy way to change the
permissions of them.
I use Windows 2003 and the dns info is in an application partition in AD.
"Herb Martin" wrote:
| Quote: | "marv" <marv@discussions.microsoft.com> wrote in message
news:401F8DC5-C04B-4664-8C8A-3451307FD02A@microsoft.com...
Is there a way to set permissions on multiple zones other than manually go
through the zones one by one?
Anyone got a script maybe?
Where are you trying to do this, in AD or the file
system?
What specifically are you trying to accomplish....
for %a in (*.dns) do cacls %a /e /g who:whatever....
|
|
|
| Back to top |
|
|
Roger Abell [MVP]
Guest
|
| Posted:
Thu Jan 13, 2005 10:10 pm Post subject:
Re: Set DACL on multiple zones? |
|
|
What are you trying to accomplish by changing the permissions?
You might be able to accomplish by inheritance onto zone data
objects, but might not - and you may break things if the changes
you envision do not play well.
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4
"marv" <marv@discussions.microsoft.com> wrote in message
news:0A0E9287-1D0B-4D88-BAEC-C8024A0BAA1A@microsoft.com...
| Quote: | I´m talking about the AD objects.
I have alot of dns zones and I´m looking for an easy way to change the
permissions of them.
I use Windows 2003 and the dns info is in an application partition in AD.
"Herb Martin" wrote:
"marv" <marv@discussions.microsoft.com> wrote in message
news:401F8DC5-C04B-4664-8C8A-3451307FD02A@microsoft.com...
Is there a way to set permissions on multiple zones other than manually
go
through the zones one by one?
Anyone got a script maybe?
Where are you trying to do this, in AD or the file
system?
What specifically are you trying to accomplish....
for %a in (*.dns) do cacls %a /e /g who:whatever....
|
|
|
| Back to top |
|
|
Kevin D. Goodknecht Sr. [
Guest
|
| Posted:
Thu Jan 13, 2005 10:12 pm Post subject:
Re: Set DACL on multiple zones? |
|
|
In news:0A0E9287-1D0B-4D88-BAEC-C8024A0BAA1A@microsoft.com,
marv <marv@discussions.microsoft.com> commented
Then Kevin replied below:
| Quote: | I´m talking about the AD objects.
I have alot of dns zones and I´m looking for an easy way
to change the permissions of them.
I use Windows 2003 and the dns info is in an application
partition in AD.
|
Right click on the server name in the DNS console, and select the Security
tab. The zones must be set to allow inheritable permissions to propagate.
And any permissions you want to propagate must be "This object and all child
objects" Which is set with the Advanced button on the Security tab.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
=================================== |
|
| Back to top |
|
|
marv
Guest
|
| Posted:
Fri Jan 14, 2005 12:27 am Post subject:
Re: Set DACL on multiple zones? |
|
|
OK maybe I need to clarify a few things.
I´ve got about 50 reverse lookup zones and I havn´t found a way to force the
propagation of permissions. The zones are all set up to use inheritance but
unlike setting permissions on files and folders there is no check box for
forcing the propagation. Or am I mistaken?
I want to delegate control to a new group for the reverse lookup zones which
were created some time ago. Unfortunately I´m a lazy computer nerd and I
shiver only by thinking about doing those 6 mouse clicks per zone. I´d rather
wait a few days for this nice community to give me some advice.
I´ve been looking into the AD/System/MicrosoftDNS container to see if there
is a way to apply the permissions from there rather than through the DNS mmc
snap-in but I guess it´s basically the same thing. Any ideas on how to save
my index finger from tiring?
I havn´t been able to find a way to set the permissions with dnscmd.exe.
"Kevin D. Goodknecht Sr. [MVP]" wrote:
| Quote: | In news:0A0E9287-1D0B-4D88-BAEC-C8024A0BAA1A@microsoft.com,
marv <marv@discussions.microsoft.com> commented
Then Kevin replied below:
I´m talking about the AD objects.
I have alot of dns zones and I´m looking for an easy way
to change the permissions of them.
I use Windows 2003 and the dns info is in an application
partition in AD.
Right click on the server name in the DNS console, and select the Security
tab. The zones must be set to allow inheritable permissions to propagate.
And any permissions you want to propagate must be "This object and all child
objects" Which is set with the Advanced button on the Security tab.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
|
| Back to top |
|
|
Kevin D. Goodknecht Sr. [
Guest
|
| Posted:
Fri Jan 14, 2005 4:52 am Post subject:
Re: Set DACL on multiple zones? |
|
|
In news:146E805B-795B-4B74-9827-D823636FEEDB@microsoft.com,
marv <marv@discussions.microsoft.com> commented
Then Kevin replied below:
| Quote: | OK maybe I need to clarify a few things.
I´ve got about 50 reverse lookup zones and I havn´t found
a way to force the propagation of permissions. The zones
are all set up to use inheritance but unlike setting
permissions on files and folders there is no check box
for forcing the propagation. Or am I mistaken?
|
Yes you are, use the Advanced button on the ACL interface.
Add your permission and select This Object and all child objects from the
drop down list. Then any zone that uses "allow inheritable permissions from
the parent to propagate to this object" will get the new permissions.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
=================================== |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in