- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Issues with HP schema modifications and MMC plugin...
Server Management - Remote Server Management
1753320
Members
6195
Online
108792
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2006 09:19 PM
01-26-2006 09:19 PM
Issues with HP schema modifications and MMC plugins
Hello,
I am doing some testing of the HP ILO schema extenstion on Windows 2003 R2 (freshly built and DCPromo'd), and there appears to be a problem with the role object creation.
The issue is that the MMC extension is rewriting the security descriptors of the role object after it is created so that the only ACLs are SELF and the object creator.
This is not really very good as it means that only the person who created the role object can administer it. For an environment with multiple administrators in a team this causes a problem.
It is definitely the MMC extensions that are doing this, as a separate event is logged in the event log if you switch full auditing on (first events are for object creation, second events write properties, last events write_dac). Also if you create the object with ADSI edit the resulting role object does not exhibit these problems.
Had anyone else seen these issues? Ideally I need a version of the MMC extensions that does NOT rewrite the object DAC.
I am doing some testing of the HP ILO schema extenstion on Windows 2003 R2 (freshly built and DCPromo'd), and there appears to be a problem with the role object creation.
The issue is that the MMC extension is rewriting the security descriptors of the role object after it is created so that the only ACLs are SELF and the object creator.
This is not really very good as it means that only the person who created the role object can administer it. For an environment with multiple administrators in a team this causes a problem.
It is definitely the MMC extensions that are doing this, as a separate event is logged in the event log if you switch full auditing on (first events are for object creation, second events write properties, last events write_dac). Also if you create the object with ADSI edit the resulting role object does not exhibit these problems.
Had anyone else seen these issues? Ideally I need a version of the MMC extensions that does NOT rewrite the object DAC.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP