none
Deny Permission for searching Active Directory Computer OU for a specific Host

    Question

  • I'm using Anti-Virus software(Sophos) for my office environment, after discovered domain computers the AV console got a list of all computer records in active directory. so I want to restrict (won't appear) several computers from the discovered list got by AV software.

    ** i added an OU Named Sophos and moved specific hosts into that and gave security permmision as below,

    in OU security tab add the host (Sophos installed computer) which I want to restrict and grant deny all permission for the OU. after that it's working properly, but my superior's request is it should be done by creating a group or using GPO.

    please advise me on this how to proceed.

    • Moved by Richard MuellerMVP Wednesday, December 28, 2016 1:20 PM Not a TechNet Wiki question
    Wednesday, December 28, 2016 10:09 AM

All replies

  • You have asked in the wrong forum. This forum is for questions and discussions about the TechNet Wiki. I will move this question to a more appropriate forum.

    Edit: Correction, I moved this question from the "Forum Issues" forum.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Wednesday, December 28, 2016 1:19 PM
  • Hi,

    For me, it seems to be right, but you could set a group including the computers which need to be restricted , then set the deny permission for the group, instead of adding each host in the security tab.
    And later if more computers need to be restricted, you could just  add that computer to the group then.
    Best regards,
    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com



    Thursday, December 29, 2016 7:06 AM
    Moderator
  • Hi Wendy,

    i created a group as AV Restricted and set the security permission all deny for specific server and add several computer which i want to restrict, but it's not working 

    and create OU name AV Restricted and set the permission as deny all... it's working. please let me show the wrong part.

    Thank You...

    Wednesday, January 11, 2017 8:08 AM
  • Hi,

    According to your description, the permission is only working when you set the computers into OU, and not working on group, am I right? And is there any other difference between the both actions you did, except that?

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, January 13, 2017 8:31 AM
    Moderator