Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Changing the Security Descriptor on AdminSDHolder

Updated: December 2, 2007

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

The security descriptor on AdminSDHolder serves two purposes. First, it controls access to the AdminSDHolder object itself. Second, it acts as the master security descriptor that is periodically applied to the service administrator accounts and their members to ensure that they remain protected.


  • Credentials: Domain Admins

  • Tools: Active Directory Users and Computers

To change the security descriptor on AdminSDHolder

  1. Log on with Domain Admins credentials, and then open Active Directory Users and Computers.

  2. On the View menu, click Advanced Features.

  3. In the console tree, click the System container.

  4. In the details pane, right-click AdminSDHolder, and then click Properties.

  5. On the Security tab, modify the security descriptor by changing the settings as specified in Table 39.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft