Hi all,

I'm in a situation where I need to allow pupils to search for files. (Don't go there, just accept it and cry like I do)

The problem I have is that turning this on allows them to search for users in the AD too.

I would like to be able to do one of 3 things.

First pref would be to allow only file searching.

Second pref would be to allow them to search as now, but prevent them viewing anything but the user list

Third option would be to prevent them changing the AD info for their phone number, web information and a couple of other items that by default users are allowed to change for themselves.

Assuming I don't get 1 or 2 I have been working on 3. I can set the permissions for a single user object so that they can't change phone number, etc... as the option is visible and tick in the security display for the user object. What I can't find a way to be is to apply a deny option for a whole OU for a security group the pupils are in as I cannot get the security option to display for what I want to deny on anything but a user object! Can anyone help please. Or for that matter does anyone even understand all that waffle