I'm cleaning up a tree that was running ZenWorks 6.5 (have since switched to ZCM).

One thing that I've noticed is that [root] has been made a trustee of the entire tree (root). It was granted Read for All Attributes Rights and Create,Read,Write to the ZenzfdVersion attribute.

I assume this was done at some point to facilitate some ZenWorks related feature or function.

Does anyone know why this would have been done, and if it would be safe to remove [root] as a trustee?

It is creating a bit of a problem when doing ldapsearches as any user who can authenticate gets ALL attributes returned.