Compartir a través de


Weaken security using ADSI Edit

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To weaken security using ADSI Edit

  1. Click Start, click Run, type adsiedit.msc, and then press Enter.

  2. In the console tree, right-click CN=MsmqServices.

    Where?

    • Configuration Container/CN=Configuration,.../CN=Services/CN=MsmqServices
  3. Click Properties.

  4. On the Attribute Editor page, in Attributes, select mSMQNameStyle, and then click Edit.

  5. In Boolean Attribute Editor, select True to weaken security, or False to tighten security.

  6. Click OK.

Notes

  • Windows Server 2003 family Support Tools, which is provided on the Windows Server 2003 family compact disc, must be installed before you can use ADSI Edit. To install these tools, perform the following steps:

    1. Insert the Windows Server 2003 family CD in your CD-ROM drive.

    2. Open the Support folder, and then open the Tools folder.

    3. Double-click Suptools to start the install program.

    4. Follow the instructions in the Windows Support Tools Setup Wizard, and select Complete on the Select An Installation Type page.

  • This procedure is used to weaken Active Directory security to support MSMQ 1.0 users, Message Queuing 2.0 clients logged on with local user accounts, and certain operating configurations.

  • Only users with the Write permission for the MsmqServices object can perform this procedure. By default, only members of the Domain Admins or Enterprise Admins groups of the root domain and members of the SYSTEM group (local system services running on a domain controller) have the Write permissions for this object.

  • Dependent clients cannot run under a local user account. Also, any computer that sends queries about Message Queuing objects to Active Directory on a domain controller directly, rather than through the Message Queuing directory service, will not be able to access Active Directory when it logs on using a local user account even if weakened security for Active Directory is enabled.

  • After performing this procedure, for the change to take effect, you must restart all instances of the Message Queuing Downlevel Client Support service running on Windows Server 2003 domain controllers and Message Queuing servers running on Windows 2000 domain controllers.

  • For best security practice, it is recommended that Active Directory security not be weakened unless necessary.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Enabling weakened security
Working with MMC console files