Issues with HP schema modifications and MMC plugins

Matt Hallson
New Member

I am doing some testing of the HP ILO schema extension on Windows 2003 R2 (freshly built and DCPromo'd), and there appears to be a problem with the role object creation.

The issue is that the MMC extension is rewriting the security descriptors of the role object after it is created so that the only ACLs are SELF and the object creator.

This is not really very good as it means that only the person who created the role object can administer it. For an environment with multiple administrators in a team this causes a problem.

It is definitely the MMC extensions that are doing this, as a separate event is logged in the event log if you switch full auditing on (first events are for object creation, second events write properties, last events write_dac). Also, if you create the object with ADSI Edit, the resulting role object does not exhibit these problems.

Has anyone else seen these issues? Ideally I need a version of the MMC extensions that does NOT rewrite the object DAC.
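
One way to check role objects for the condition described in the post, as an added example that is not part of the original post and not HP's code: it parses the DACL from an object's security descriptor in SDDL form and flags objects whose allow ACEs name only SELF (`PS`) and the creator. The SIDs and SDDL strings are constructed samples, and the function names are hypothetical.

```python
import re

# One ACE in SDDL: (type;flags;rights;object_guid;inherit_object_guid;trustee)
ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_dacl(sddl):
    """Return the DACL's ACEs as dicts, or None when the SDDL has no D: section."""
    # D: is followed by optional flags (P, AI, AR) and then the ACE list.
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    if m is None:
        return None
    aces = []
    for body in ACE_RE.findall(m.group(1)):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError("malformed ACE: (%s)" % body)
        aces.append({"type": fields[0], "rights": fields[2], "trustee": fields[5]})
    return aces

def allow_trustees(sddl):
    """Trustees that hold at least one allow ACE (A) or object allow ACE (OA)."""
    return {a["trustee"] for a in (parse_dacl(sddl) or []) if a["type"] in ("A", "OA")}

def creator_only(sddl, creator_sid):
    """True when every allow ACE names SELF (PS) or the creator and nobody else."""
    trustees = allow_trustees(sddl)
    return bool(trustees) and trustees <= {"PS", creator_sid}

# Constructed sample data: a made-up creator SID and two made-up descriptors.
CREATOR = "S-1-5-21-1111111111-2222222222-3333333333-1105"
FULL = "RPWPCCDCLCSWRCWDWOSD"
REWRITTEN = "O:%sG:DUD:(A;;%s;;;PS)(A;;%s;;;%s)" % (CREATOR, FULL, FULL, CREATOR)
TEAM_MANAGED = "O:DAG:DAD:(A;;%s;;;DA)(A;;%s;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;WD;;;WD)" % (FULL, FULL)

def audit(objects, creator_sid):
    """Return the names of objects that only SELF and the creator can administer."""
    return sorted(name for name, sddl in objects.items() if creator_only(sddl, creator_sid))

if __name__ == "__main__":
    sample = {"role-via-mmc": REWRITTEN, "role-via-adsiedit": TEAM_MANAGED}
    for name in audit(sample, CREATOR):
        print("creator-only DACL:", name)
```

The SACL in the second sample audits successful `WD` (write DAC) access by Everyone, the kind of audit entry that produces the write_dac events mentioned in the post.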