You want to modify the default security that is applied to objects instantiated from a particular structural class.
|
Open the Active Directory Schema snap-in.
In the left pane, click on the Classes folder.
In the right pane, double-click the class you want to modify the security for.
Click the Default Security tab.
Modify the security as necessary.
Click OK.
Whenever a new object is created in Active Directory, a default security descriptor (SD) is applied to it along with any inherited security from its parent container. The default security descriptor is stored in the defaultSecurityDescriptor attribute of the classSchema object. If you modify the default SD, every new object will get that SD, but it does not affect any existing objects.
MS KB 265399 (HOW TO: Change Default Permissions for Objects That Are Created in the Active Directory)