Active Directory Permission

Status
Not open for further replies.

tEkHEd

IS-IT--Management
Jan 29, 2003
261
GB
Hello.

I want to be able to allow my computer objects to add/remove themselves from AD Groups.

I thought that this simply needed the NT AUTHORITY\SELF account to be appropriately permissioned?

I have set the following permissions on my OU and Group Objects, but am still not able to add the machine to a group via a startup script (running as system obviously :))

Code:
This object	Allow	NT AUTHORITY\SELF	Read all properties
This object	Allow	NT AUTHORITY\SELF	List contents
This object	Allow	NT AUTHORITY\SELF	Generate Resultant Set of Policy (Planning)
This object	Allow	NT AUTHORITY\SELF	Generate Resultant Set of Policy (Logging)
All Subobjects	Allow	NT AUTHORITY\SELF	Read all properties
All Subobjects	Allow	NT AUTHORITY\SELF	List contents
Group objects	Allow	NT AUTHORITY\SELF	Read all properties
Group objects	Allow	NT AUTHORITY\SELF	List contents
Group objects	Allow	NT AUTHORITY\SELF	All control accesses
Group objects	Allow	NT AUTHORITY\SELF	Modify Membership

I have also granted the following rights explicitly for Group Objects:

List Contents
Read All Properties
Read Permissions
Modify Permissions
All Validated Rights
All Extended Rights
Add/Remove self as member
Send As
Send To

Can anyone provide any help on this one please?
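
An added example, not part of the original post: a PowerShell check that, given the ACEs on a group object, reports which ones actually let a given set of identities change the `member` attribute. The domain, host and group names and the sample ACEs are constructed, `Get-MembershipWriteAce` and `New-SampleAce` are hypothetical helper names, and the GUID is the schema identifier shared by the `member` attribute and the Self-Membership validated write.

```powershell
# Added example; domain, host and sample ACEs below are constructed.
# schemaIDGUID of the 'member' attribute, also the rightsGuid of the
# Self-Membership validated write ("Add/Remove self as member").
$MemberGuid = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'

function Get-MembershipWriteAce {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,
        [Parameter(Mandatory)] [string[]] $Trustee  # identities the caller's token carries
    )
    foreach ($a in $Ace) {
        if ([string]$a.AccessControlType -ne 'Allow') { continue }  # Deny ACEs are not evaluated here
        if ($Trustee -notcontains [string]$a.IdentityReference) { continue }
        $rights = [string]$a.ActiveDirectoryRights -split ',\s*'
        # An empty ObjectType GUID means the ACE covers every property or right.
        $scoped = $a.ObjectType -eq $MemberGuid -or $a.ObjectType -eq [guid]::Empty
        $grants = $null
        if ($rights -contains 'GenericAll' -or $rights -contains 'GenericWrite') {
            $grants = 'generic write'
        } elseif ($scoped -and $rights -contains 'WriteProperty') {
            $grants = 'write member: add or remove any account'
        } elseif ($scoped -and $rights -contains 'Self') {
            $grants = 'validated write: add or remove own account only'
        }
        if ($grants) {
            [pscustomobject]@{ Trustee = [string]$a.IdentityReference; Grants = $grants; Inherited = $a.IsInherited }
        }
    }
}

# Constructed stand-ins for the objects returned in an ACL's Access list.
function New-SampleAce($Id, $Rights, $ObjectType = [guid]::Empty) {
    [pscustomobject]@{ IdentityReference = $Id; ActiveDirectoryRights = $Rights
        ObjectType = $ObjectType; AccessControlType = 'Allow'; IsInherited = $true }
}
$sample = @(
    New-SampleAce 'NT AUTHORITY\SELF' 'ReadProperty, ListChildren'
    New-SampleAce 'NT AUTHORITY\SELF' 'Self' $MemberGuid
    New-SampleAce 'EXAMPLE\Workstations' 'Self' $MemberGuid
)
# On a group object SELF stands for the group itself, so it is not listed for the computer.
$computer = 'EXAMPLE\WS01$', 'EXAMPLE\Workstations', 'NT AUTHORITY\Authenticated Users'
Get-MembershipWriteAce -Ace $sample -Trustee $computer
# Live input (ActiveDirectory module): (Get-Acl "AD:\<group DN>").Access
```

Run against a real group's ACL, the same function gives a quick audit of which principals can alter that group's membership; nested group membership of the trustee has to be expanded by the caller.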