internal/data/domainDefaults/accessRules/addefault_domainObject.json
|
[
{ "Path": "%DomainDN%", "ActiveDirectoryRights": "ExtendedRight", "InheritanceType": "None", "ObjectType": "DS-Clone-Domain-Controller", "InheritedObjectType": "\u003cAll\u003e", "AccessControlType": "Allow", "Identity": "%DomainName%\\Cloneable Domain Controllers" }, { "Path": "%DomainDN%", "ActiveDirectoryRights": "ReadProperty, WriteProperty", "InheritanceType": "All", "ObjectType": "ms-DS-Key-Credential-Link", "InheritedObjectType": "\u003cAll\u003e", "AccessControlType": "Allow", "Identity": "%DomainName%\\Key Admins" }, { "Path": "%DomainDN%", "ActiveDirectoryRights": "ReadProperty, WriteProperty", "InheritanceType": "All", "ObjectType": "ms-DS-Key-Credential-Link", "InheritedObjectType": "\u003cAll\u003e", "AccessControlType": "Allow", "Identity": "%RootDomainName%\\Enterprise Key Admins" }, { "Path": "%DomainDN%", "ActiveDirectoryRights": "DeleteChild", "InheritanceType": "none", "ObjectType": "<all>", "InheritedObjectType": "<all>", "AccessControlType": "Deny", "Identity": "S-1-1-0" } ] |