Windows Server 2008: What's New / What's Changed Part #8 of 12: Chapter 7 - Active Directory
This snippet from Chapter 7 of my new book Windows Server 2008: What's New / What's Changed is brought to you by SAPIEN Press. Get your copy at http://www.sapienpress.com/Windows_Server_08.asp.
AD Object Protection
Have you ever accidentally clicked on the wrong object in Active Directory Users & Computers and then hit Delete? Aiiieee! Individual object restoration in AD has traditionally been cumbersome enough that we usually end up recreating the object with all its properties. But that process is arduous too. Trying to figure out which members were in the deleted group or what properties were set for the deleted user is also a pain. Even worse is the deletion of an entire OU of data. If you've done that or had to clean it up when someone else did, you have my condolences.
What if there was a way that you could configure a set of objects in the Active Directory so they could never be deleted? This would obviously make accidental deletion much harder. Server 2008 now sports this nifty new capability.
Full disclosure: Server 2008's Object Protection feature isn't really new at all. But its convenient exposure in the GUI is. Take a look at the GPMC. In the properties window for an OU, note the new checkbox in the Object tab titled "Protect object from accidental deletion". Setting this checkbox effectively updates the Access Control List for the object, specifically configuring the Deny Delete and Deny Delete Subtree permissions for the Everyone group for This object only.
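Because the checkbox is only an ACL change, you can audit for it directly. The following PowerShell is an added example, not code from the book: it lists every OU in the current domain that lacks an explicit Deny ACE for Everyone covering both Delete and Delete Subtree. The function name Test-DeleteProtection is hypothetical, and the script assumes a domain-joined host and an account that can read OU security descriptors.

```powershell
# Added example: read-only audit for the ACE that the
# "Protect object from accidental deletion" checkbox writes.
Add-Type -AssemblyName System.DirectoryServices

# Delete (0x10000) and DeleteTree (0x40) are the two rights the checkbox denies.
$needed = [int][System.DirectoryServices.ActiveDirectoryRights]::Delete -bor
          [int][System.DirectoryServices.ActiveDirectoryRights]::DeleteTree

function Test-DeleteProtection {
    # Hypothetical helper: returns $true when the object carries explicit
    # Deny ACEs for Everyone (S-1-1-0) that together cover both rights.
    param([System.DirectoryServices.DirectoryEntry]$Entry)

    # Explicit ACEs only; "This object only" means the ACE is not inherited.
    $rules = $Entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])

    $denied = 0
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Deny' -and
            $rule.IdentityReference.Value -eq 'S-1-1-0' -and
            $rule.InheritanceType -eq 'None') {
            # Accumulate the rights, since they may be split across two ACEs.
            $denied = $denied -bor ([int]$rule.ActiveDirectoryRights -band $needed)
        }
    }
    return ($denied -eq $needed)
}

# Search the current domain for every OU (paged, so large directories work).
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(objectCategory=organizationalUnit)'
$searcher.PageSize = 500

$results = $searcher.FindAll()
try {
    foreach ($hit in $results) {
        $entry = $hit.GetDirectoryEntry()
        if (-not (Test-DeleteProtection $entry)) {
            # Emit the LDAP path of each OU that is not protected.
            $hit.Path
        }
        $entry.psbase.Dispose()
    }
}
finally {
    $results.Dispose()
}
```

An empty result means every OU the account can read carries the protection ACE; any path printed is an OU where an accidental Delete would still succeed.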