Built-in container and System account questions

[Guest runner7@fastmail.fm]

Hi. These questions are just to try to get a handle on what some of

this stuff means in Windows Server. Any help would be most

appreciated.

 

Is the Built-in container which contains the default groups the same

as an OU? If not, what is the difference between the two?

 

The System account seems to have permissions to folders by default.

What happens if you delete it and set permissions only for people user

accounts? Do you lose functionality for some services? Do you

enhance security?

 

Thanks.

[Guest net_admin]

RE: Built-in container and System account questions

 

I think you'd better take some training/readme material and go through it.

Unexperienced guys should not change default settings if they do not know

what they are doing.

No intention of being rude here, it's just the truth.

 

--

NetAdmin <São Paulo, BR>

[Guest runner7@fastmail.fm]

Re: Built-in container and System account questions

 

No offense taken, and I appreciate your answer, but my problem is that

I have been indeed reading a bunch of documentation on these subjects

and I cannot find the answers anywhere. That is why I tried posting

to the newsgroup. I am still looking for the above info if anyone can

be so kind as to point out where exactly it is documented. Thanks.

[Guest net_admin]

Re: Built-in container and System account questions

 

Normally when you change system permissions that cause problems and many

times they can not be explained, even by MS.

 

The basic difference between Built-In OU and manually created is that the

built-in OU can not have GPO linked to it.

 

Hope the text below helps.

 

"Organizational unitsA particularly useful type of directory object

contained within domains is the organizational unit. Organizational units are

Active Directory containers into which you can place users, groups,

computers, and other organizational units. An organizational unit cannot

contain objects from other domains.

 

An organizational unit is the smallest scope or unit to which you can assign

Group Policy settings or delegate administrative authority. Using

organizational units, you can create containers within a domain that

represent the hierarchical, logical structures within your organization. You

can then manage the configuration and use of accounts and resources based on

your organizational model. For more information about Group Policy settings,

see Group Policy.

 

 

Enlarge figure

 

As shown in the figure, organizational units can contain other

organizational units. A hierarchy of containers can be extended as necessary

to model your organization's hierarchy within a domain. Using organizational

units will help you minimize the number of domains required for your network.

 

You can use organizational units to create an administrative model that can

be scaled to any size. A user can have administrative authority for all

organizational units in a domain or for a single organizational unit. An

administrator of an organizational unit does not need to have administrative

authority for any other organizational units in the domain. For more

information about delegating administrative authority, see Delegating

administration."

 

--

NetAdmin <São Paulo, BR>

"Das ist nicht mein bier... arschloch."