Default ACLs of New Objects - Inside Active Directory

Related to the book Inside Active Directory, ISBN 0-201-61621-1
Copyright (C) 2002 by Sakari Kouti
Version: December 21, 2001

OU=New OU,DC=sanao,DC=com

| ACE | Trustee | AccessMask | AceFlags | AceType | ObjectType | InheritedObjectType |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | SYSTEM | Full Control | | ACCESS_ALLOWED | | |
| 2 | Domain Admins | Full Control | | ACCESS_ALLOWED | | |
| 3 | Account Operators | DS_CREATE_CHILD, DS_DELETE_CHILD | | ACCESS_ALLOWED_OBJECT | computer | |
| 4 | Account Operators | DS_CREATE_CHILD, DS_DELETE_CHILD | | ACCESS_ALLOWED_OBJECT | user | |
| 5 | Account Operators | DS_CREATE_CHILD, DS_DELETE_CHILD | | ACCESS_ALLOWED_OBJECT | group | |
| 6 | Print Operators | DS_CREATE_CHILD, DS_DELETE_CHILD | | ACCESS_ALLOWED_OBJECT | printQueue | |
| 7 | Authenticated Users | Read plus List Object | | ACCESS_ALLOWED | | |
| 8 | Administrators | Full Control except Delete Child and Delete Subtree | Inherit, Inherited | ACCESS_ALLOWED | | |
| 9 | Enterprise Admins | Full Control | Inherit, Inherited | ACCESS_ALLOWED | | |
| 10 | Pre-Windows 2000 Compatible Access | ACTRL_DS_LIST | Inherit, Inherited | ACCESS_ALLOWED | | |
| 11 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Remote Access Information | user |
| 12 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | General Information | user |
| 13 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Group Membership | user |
| 14 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Account Restrictions | user |
| 15 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Logon Information | user |
| 16 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | group |
| 17 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | user |

CN=New Contact,OU=New OU,DC=sanao,DC=com

| ACE | Trustee | AccessMask | AceFlags | AceType | ObjectType | InheritedObjectType |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Domain Admins | Full Control | | ACCESS_ALLOWED | | |
| 2 | SYSTEM | Full Control | | ACCESS_ALLOWED | | |
| 3 | Authenticated Users | Read plus List Object | | ACCESS_ALLOWED | | |
| 4 | Administrators | Full Control except Delete Child and Delete Subtree | Inherit, Inherited | ACCESS_ALLOWED | | |
| 5 | Enterprise Admins | Full Control | Inherit, Inherited | ACCESS_ALLOWED | | |
| 6 | Pre-Windows 2000 Compatible Access | ACTRL_DS_LIST | Inherit, Inherited | ACCESS_ALLOWED | | |
| 7 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Remote Access Information | user |
| 8 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | General Information | user |
| 9 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Group Membership | user |
| 10 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Account Restrictions | user |
| 11 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Logon Information | user |
| 12 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | group |
| 13 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | user |

CN=New Group,OU=New OU,DC=sanao,DC=com

| ACE | Trustee | AccessMask | AceFlags | AceType | ObjectType | InheritedObjectType |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Domain Admins | Full Control | | ACCESS_ALLOWED | | |
| 2 | SYSTEM | Full Control | | ACCESS_ALLOWED | | |
| 3 | Authenticated Users | Read plus List Object | | ACCESS_ALLOWED | | |
| 4 | Account Operators | Full Control | | ACCESS_ALLOWED | | |
| 5 | SELF | Read plus List Object | | ACCESS_ALLOWED | | |
| 6 | Authenticated Users | DS_CONTROL_ACCESS | | ACCESS_ALLOWED_OBJECT | Send To | |
| 7 | Administrators | Full Control except Delete Child and Delete Subtree | Inherit, Inherited | ACCESS_ALLOWED | | |
| 8 | Enterprise Admins | Full Control | Inherit, Inherited | ACCESS_ALLOWED | | |
| 9 | Pre-Windows 2000 Compatible Access | ACTRL_DS_LIST | Inherit, Inherited | ACCESS_ALLOWED | | |
| 10 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Remote Access Information | user |
| 11 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | General Information | user |
| 12 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Group Membership | user |
| 13 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Account Restrictions | user |
| 14 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Logon Information | user |
| 15 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherited | ACCESS_ALLOWED_OBJECT | | group |
| 16 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | user |

CN=New User,OU=New OU,DC=sanao,DC=com

| ACE | Trustee | AccessMask | AceFlags | AceType | ObjectType | InheritedObjectType |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Domain Admins | Full Control | | ACCESS_ALLOWED | | |
| 2 | SYSTEM | Full Control | | ACCESS_ALLOWED | | |
| 3 | Account Operators | Full Control | | ACCESS_ALLOWED | | |
| 4 | SELF | Read plus List Object | | ACCESS_ALLOWED | | |
| 5 | SELF | DS_CONTROL_ACCESS | | ACCESS_ALLOWED_OBJECT | Change Password | |
| 6 | SELF | DS_CONTROL_ACCESS | | ACCESS_ALLOWED_OBJECT | Send As | |
| 7 | SELF | DS_CONTROL_ACCESS | | ACCESS_ALLOWED_OBJECT | Receive As | |
| 8 | SELF | DS_READ_PROP, DS_WRITE_PROP | | ACCESS_ALLOWED_OBJECT | Personal Information | |
| 9 | SELF | DS_READ_PROP, DS_WRITE_PROP | | ACCESS_ALLOWED_OBJECT | Phone and Mail Options | |
| 10 | SELF | DS_READ_PROP, DS_WRITE_PROP | | ACCESS_ALLOWED_OBJECT | Web Information | |
| 11 | RAS and IAS Servers | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | Remote Access Information | |
| 12 | RAS and IAS Servers | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | Account Restrictions | |
| 13 | RAS and IAS Servers | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | Group Membership | |
| 14 | Authenticated Users | READ_CONTROL | | ACCESS_ALLOWED | | |
| 15 | Authenticated Users | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | General Information | |
| 16 | Authenticated Users | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | Personal Information | |
| 17 | Authenticated Users | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | Web Information | |
| 18 | Authenticated Users | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | Public Information | |
| 19 | Everyone | DS_CONTROL_ACCESS | | ACCESS_ALLOWED_OBJECT | Change Password | |
| 20 | RAS and IAS Servers | DS_READ_PROP | | ACCESS_ALLOWED_OBJECT | Logon Information | |
| 21 | Cert Publishers | DS_READ_PROP, DS_WRITE_PROP | | ACCESS_ALLOWED_OBJECT | userCertificate | |
| 22 | Administrators | Full Control except Delete Child and Delete Subtree | Inherit, Inherited | ACCESS_ALLOWED | | |
| 23 | Enterprise Admins | Full Control | Inherit, Inherited | ACCESS_ALLOWED | | |
| 24 | Pre-Windows 2000 Compatible Access | ACTRL_DS_LIST | Inherit, Inherited | ACCESS_ALLOWED | | |
| 25 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherited | ACCESS_ALLOWED_OBJECT | Remote Access Information | user |
| 26 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherited | ACCESS_ALLOWED_OBJECT | General Information | user |
| 27 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherited | ACCESS_ALLOWED_OBJECT | Group Membership | user |
| 28 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherited | ACCESS_ALLOWED_OBJECT | Account Restrictions | user |
| 29 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherited | ACCESS_ALLOWED_OBJECT | Logon Information | user |
| 30 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | group |
| 31 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherited | ACCESS_ALLOWED_OBJECT | | user |

CN=New Shared Folder,OU=New OU,DC=sanao,DC=com

| ACE | Trustee | AccessMask | AceFlags | AceType | ObjectType | InheritedObjectType |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Domain Admins | Full Control | | ACCESS_ALLOWED | | |
| 2 | SYSTEM | Full Control | | ACCESS_ALLOWED | | |
| 3 | Authenticated Users | Read plus List Object | | ACCESS_ALLOWED | | |
| 4 | Administrators | Full Control except Delete Child and Delete Subtree | Inherit, Inherited | ACCESS_ALLOWED | | |
| 5 | Enterprise Admins | Full Control | Inherit, Inherited | ACCESS_ALLOWED | | |
| 6 | Pre-Windows 2000 Compatible Access | ACTRL_DS_LIST | Inherit, Inherited | ACCESS_ALLOWED | | |
| 7 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Remote Access Information | user |
| 8 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | General Information | user |
| 9 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Group Membership | user |
| 10 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Account Restrictions | user |
| 11 | Pre-Windows 2000 Compatible Access | DS_READ_PROP | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | Logon Information | user |
| 12 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | group |
| 13 | Pre-Windows 2000 Compatible Access | Read plus List Object | Inherit, Inherit only, Inherited | ACCESS_ALLOWED_OBJECT | | user |