• Access Template for Microsoft LAPS - I have seen a template to grant reader to the ms-Mcs-AdmPwdattributes in ARS, but not a template to Grant Self (the computer account) access to write to the ms-Mcs-AdmPwdExpirationTime and ms-Mcs-AdmPwd.

    I tried to create an access template for granting self write access to the ms-Mcs-AdmPwd attributes and it seemed to do nothing.  I had to manually set the rights using powershell.  It would be so much easier to do this with an ARS Access Template.  This…

  • ARS access rule with claims enabled, appears to work but when user closes the ARS console and reopens the claim is not working as expected

    Hello ,

    To test a scenario out where I have a single Managed unit with all users. Only want admins from same department to see and modify users from same department.

    Enabled AD claim rules on domain and ARS server, setspns as described in the admin guide…

  • Access template permissions after group add/removal

    We're working on implementing ARS 7.0 (clean install) after having 6.9 for quite awhile. We've kind of hit a snag with our elevated permissions.

     

    We have workstation support that uses temporal membership to "elevate" themselves into a group that…

  • Use ARS and/or powershell to create groups - nested & add members automatically?

    We use the lousy nested structure for shared folder ntfs permissions where a domain local group contains a universal which contains a global and the global has the users.  I want to find a way to create the 3 groups required when a new folder is setup…