RE: NTFS permissons on SystemRoot and below...
- From: bp <bp@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Apr 2006 07:51:03 -0700
Hi,
I'm experiencing a similar issue. Even when i manually reset NTFS
permissions on my sysvol share to the default permissions for this folder it
reverts to these other permissions overnight;
Adminstrators = Full Control
Creator Owner = None
<Security Group> = Modify;Read;Write;Read & Execute; List Folder Contents
System = Full Control
Users = Read & Execute;List Folder Contents;Read
Although i'm not absolutely certain, i think that this is partly to blame
for all my users experiencing logon delays each morning of up to 20 mins,
which is hugely frustrating? Does this make sense to anyone else?
At present, the only two GPOs we use are the default domain policy and the
default domain controllers policy.
Any thoughts on how to permanently address this issue on the sysvol share
permissions would be greatly appreciated.
--
bp
"sunemaster@xxxxxxxxx" wrote:
All,.
There have been *way* too many fingers fooling around, on a project i'm
working on.
At some point, someone mistakenly created a GPO that sets NTFS
permissions on
%SystemRoot%, replacing permissions below and enabling inheritance.
Permissions are now looking like this (everything below systemroot
looks like this, including sysvol and the like):
Administrators = Full Control
<SecurityGroup> = Full Control
CREATOR OWNER = Full Control (Subfolders and files only)
SYSTEM = Full Control
Users = Read & Execute
Unfortunately, this GPO was made to apply to the entire domain,
including domain controllers, database servers, cluster servers,
workstations and... Well... Everything.
Apparently everything seems to work more or less as it's supposed to.
When working with GPOs, we get an error message that permissions on the
SYSVOL folders are inconsistent with those in AD, and are able to fix
those. At the next GPO refresh interval, the SYSVOL permissions gets
replaced again, though.
Besides rebuilding the entire domain, do any of you have an idea to
what might be done to "clean up" the situation?
I've been looking into the "Setup Security" templates, but these do of
course not take installed applications into consideration. Or special
configurations, for that matter.
I see quite a few issues if this doesn't get cleaned up.
I would like to ask all of you brilliant people:
What kind of action would you take from here?
What kind of problems do you see in running with a configuration like
this?
I do of course have my own growing list of problems, but the
"solutions" list isn't growing as fast.
Any comments or suggestions are very welcome.
Thanks.
--
/Sune
- Follow-Ups:
- Re: NTFS permissons on SystemRoot and below...
- From: Sune T. Tougaard
- Re: NTFS permissons on SystemRoot and below...
- Prev by Date: Re: Finding Start Menu and Desktop from batch file
- Next by Date: Re: Replication to a specific network
- Previous by thread: Re: Finding Start Menu and Desktop from batch file
- Next by thread: Re: NTFS permissons on SystemRoot and below...
- Index(es):
Relevant Pages
|
