As I'm experimenting with a vanilla Active Directory domain, I notice that a standard user can go into Active Directory Users and Computers (dsa.msc) and Group Policy Management Console (gpmc.msc) and view the configuration in both of those respective services (AD and Group Policy).
Additionally, I also notice that a user can search for AD objects on the domain. Out of pure curiosity, how would I go about disabling user access to these if I were going to for security purposes while not breaking any other functionality?
I'm running Server 2016 with a Server 2016 functional forest and domain level. All hosts are either Server 2016 member servers or Windows 10 clients.
No comments:
Post a Comment