Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


March 23, 2004

Windows Server 2003 AD Quotas

Limit object creation in a partition
A Web Exclusive from Windows IT Pro
Robbie Allen
Feature
InstantDoc #41898
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
View this exclusive article with VIP access -- click here to join |
See More Active Directory (AD) Articles Here | Reprints | Or sign up for our VIP Monthly Pass!

The ACL model in Active Directory (AD) is flexible and granular. However, there's one restriction that Windows 2000 AD ACLs can't enforce: limiting the number of objects created in a partition. You can, of course, restrict who can create objects in a container, but after you give a user the ability to create objects (e.g., by using the Create All Child Objects right), that user can create as many objects as he or she wants. A malicious user who has the rights to create objects in a domain could fill up a domain controller's (DC's) hard disk simply by creating a lot of objects.

AD Quotas
Windows Server 2003 has a new AD quotas feature that lets you monitor and limit the number of objects a security principal (user, group, or computer) can create in a partition. This feature is similar to the built-in quota that Win2K and later versions assign to authenticated users for creating computer objects except that the new Windows 2003 quotas apply to all object types. For example, the new computer account quota limits users to creating no more than 10 computer objects (i.e., accounts) in a domain. . . .

Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

How can I stop and start services from the command line?

...

Microsoft Touts Xbox 360 'Black Friday' Success

Microsoft this week revealed that its Xbox 360 video game console outsold its Sony PlayStation 3 rival 3-to-1 on "Black Friday," which curiously describes the three day weekend after Thanksgiving, a period that unofficially kicks off the holiday selling ...
Active Directory (AD) Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

Managing Unix/Linux with Microsoft System Center Operations Manager 2007 Cross Platform Extensions Beta

Addressing the Insider Threat with NetIQ Security and Administration Solutions
Related Events How IE7 & The New Extended Validation SSL Certificates Impact Your Site

Concrete Ways to Make Sure Your SharePoint Deployment Doesn't Blow Up

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security

Windows 2003: Active Directory Administration Essentials
Related Active Directory (AD) Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing