Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Understanding AdminSDHolder and Protected Groups

Posted by Awinish on March 1, 2011

If you have faced an issue, where you add a domain user to a protected group like administrators,domain admins, enterprise admins, schema admins, account operator etc. & after an hour or so membership disappears & you are scratching your head who did it. You start your findings & come to know its “AdminSDHolder” which reside in system partition reset the ACL to preserver the protected group from misuse & its built-in function. You can disable the automatic reset of permission on protected/built-in groups, but i would say you are inviting security flaws in your environment.

If you want to understand the details of AdminSDHolder & its working, take a look at below posted link. MVP John Policelli on has explained in-depth on his blog & i thought sharing it to readers on my blog too.

Five common questions about AdminSdHolder and SDProp


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s