You want to reset an object's ACL to the
one defined in the schema for the object's object
188.8.131.52 Using a graphical user interface
This is available only in the Windows Server 2003 version of the ACL
Open the ACL Editor. You can do this by viewing the properties of an
object (right-click on the object and select Properties) with a tool,
such as Active Directory Users and Computers (ADUC) or ADSI Edit.
Select the Security tab. To see the Security tab with ADUC, you must
select View Advanced Features from the menu.
Click the Advanced button.
Click the Default button.
Click OK twice.
184.108.40.206 Using a command-line interface
> dsacls <ObjectDN> /s
For more on the default security descriptor, see Recipe 14.11.