Managed Units container visible to everyone (Active Roles 7.2)

Question

Hi, is there a way of preventing that literally everyone can see Managed Units container having logged in Active Roles Server using mmc/http? I have just logged in Active Roles Server using my low-privileged account both via mmc/http and all created managed units are visible - hopefully any action for instance on user account which is member of given unit will be followed by access denied message. Making Managed Units container visible only to the ones who should see them would be preferred way of preventing non-authorized stuff to even know about them let alone seeing their members ... 
 It seems the following security entry for Managed Units is possible cause but is this by default?

Terrance.Crombie · Accepted Answer

The Access Template which you show in your screenshot is present by default, but it is explicitly linked to the root Managed Unit container, without inheritance. It does not include any permissions to view Managed Units, only Managed Unit Containers. 
 
Active Roles has a zero-permissions model. Out-of-the-box, a standard User account can see nothing from the environment, including the Domain and any Active Roles configuration objects. 
 
If a low-privileged account can see an object which you do not wish them to see, then there is an Access Template in place which grants that access. The one from your screenshot is not it. 
 
I suggest looking at the individual Managed Units to see if something is linked.