Hi -
I am working in a Windows 2008 R2 environment. I have an OU that has the "protect this object from accidental deletion" box checked, which puts an explicit DENY on the "Delete All Child Object" permissions for the EVERYONE group. I am also a member of a group that has create/delete permissions for computer objects in this OU. I find that despite the explicit DENY permission, I am still able to move computer objects out of that OU
Question: Assuming that moving an object involves deleting it from one OU and creating it in another, how am I able to move the object? My expectation is that the explicit DENY on the OU would prevent me from deleting the object from the OU despite my group-based permissions.
Any insight would be greatly appreciated.
Thank you