How to Modify the Right to Display Users in User Manager

ID: Q180782


The information in this article applies to:
  • Microsoft Windows NT Server versions 3.51, 4.0
  • Microsoft Windows NT Workstation versions 3.51, 4.0
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional


SUMMARY

When you use the User Manager tool on a computer running Windows NT, domain users or Guest account users may be able to display the list of user accounts and group accounts. This article describes how to use the Listacct.exe tool to modify this behavior.


MORE INFORMATION

This behavior occurs because all Windows NT users are granted the "Domain List Accounts" right by default. This right gives users the necessary permissions to display user and group account names. Domain administrators can use the Listacct.exe tool to grant or deny the right to list domain user accounts. You can obtain the Listacct.exe tool by calling Microsoft Technical Support. The Listacct.exe tool uses the following syntax:

  Listacct [-d<Account> | -g<Account>]

  -d<Account> denies domain list access to the specified account
  -g<Account> grants domain list access to the specified account

A user who is not granted the "Domain List Accounts" right does not see a list of domain users in the User Manager tool. To use the Listacct.exe tool to grant only members of the Domain Administrators and Account Operators groups permission to list user accounts, use the following command:

  Listacct "-gDomain Administrators" "-gAccount Operators" "-dEveryone"

NOTE: The domain administrator should run this command on the primary domain controller.

The Listacct.exe tool is designed for Windows NT 3.51 or 4.0. Using the Listacct.exe tool on a computer running Windows 2000 with the Active Directory services installed could lead to unpredictable results and is not supported by Microsoft. On a computer running Windows NT 5.0 using the Active Directory, all users can display user and group names in the Active Directory. To modify this behavior, a domain administrator can use the Directory Management snap-in for the Microsoft Management Console tool to set the "List Contents" right on an object in the Active Directory.

Additional query words: 5.00

Keywords : kbenv ntsecurity NTSrvWkst
Version : WINDOWS:2000; winnt:3.51,4.0
Platform : WINDOWS winnt
Issue type : kbinfo


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved.