Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Server Management - Remote Server Management
cancel
Showing results for 
Search instead for 
Did you mean: 

Issues with HP schema modifications and MMC plugins

Matt Hallson
Occasional Visitor

Issues with HP schema modifications and MMC plugins

Hello,

I am doing some testing of the HP ILO schema extenstion on Windows 2003 R2 (freshly built and DCPromo'd), and there appears to be a problem with the role object creation.

The issue is that the MMC extension is rewriting the security descriptors of the role object after it is created so that the only ACLs are SELF and the object creator.

This is not really very good as it means that only the person who created the role object can administer it. For an environment with multiple administrators in a team this causes a problem.

It is definitely the MMC extensions that are doing this, as a separate event is logged in the event log if you switch full auditing on (first events are for object creation, second events write properties, last events write_dac). Also if you create the object with ADSI edit the resulting role object does not exhibit these problems.

Had anyone else seen these issues? Ideally I need a version of the MMC extensions that does NOT rewrite the object DAC.