RE: SYSVOL/NETLOGON visibile by ALL USERS

From: v-kzhao@xxxxxxxxxxxxxxxxxxxx ("Ken Zhao [MSFT]")
Date: Thu, 20 Sep 2007 08:37:32 GMT

Hi,

I am just writing to see how everything is going. If you have any updates
or need any further assistance on this issue, please feel free to let me
know.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| X-Tomcat-ID: 76798277
| References: <#3fKcpV#HHA.4784@xxxxxxxxxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: v-kzhao@xxxxxxxxxxxxxxxxxxxx ("Ken Zhao [MSFT]")
| Organization: Microsoft
| Date: Tue, 18 Sep 2007 05:44:12 GMT
| Subject: RE: SYSVOL/NETLOGON visibile by ALL USERS
| X-Tomcat-NG: microsoft.public.windows.file_system
| Message-ID: <9ssbCcb#HHA.5532@xxxxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.file_system
| Lines: 67
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.file_system:1533
| NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
|
| Hello,
|
| Thank you for using newsgroup!
|
| Based on my research, the share permissions for the
| %SystemRoot%\SYSVOL\Sysvol folder to the following default permissions:
| Administrators - Full Control
| Authenticated Users - Full Control
| Everyone - Read
| If other shares are affected, you must also set permissions for those
| shares back to their previous settings.
|
| The file permissions for the Sysvol folder may or may not be affected.
| Their default settings are as follows:
| Administrators - Full Control
| Authenticated Users - Read, Read and Execute, and List Folder
| System - Full Control
| Server Operators - Read, Read and Execute, and List Folder
| These permissions are set for the %SystemRoot%\SYSVOL folder and are
marked
| as inherited (they are checked but dimmed) for the
| %SystemRoot%\SYSVOL\Sysvol folder.
|
| Reference:
| 312031: Using the Symantec W32.Nimda.A@mm Virus Removal Tool Affects the
| Sysvol and Netlogon Share Permissions
| http://support.microsoft.com/kb/312031/en-us
|
| Thanks & Regards,
|
| Ken Zhao
|
| Microsoft Online Support
| Microsoft Global Technical Support Center
|
| Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
| ====================================================
| When responding to posts, please "Reply to Group" via your newsreader so
| that others may learn and benefit from your issue.
| ====================================================
| This posting is provided "AS IS" with no warranties, and confers no
rights.
|
|
|
|
|
| --------------------
| | From: "SJMP" <sjmp@xxxxxxxxxxxxxxxx>
| | Subject: SYSVOL/NETLOGON visibile by ALL USERS
| | Date: Mon, 17 Sep 2007 14:41:17 -0400
| | Lines: 6
| | MIME-Version: 1.0
| | Content-Type: text/plain;
| | format=flowed;
| | charset="iso-8859-1";
| | reply-type=original
| | Content-Transfer-Encoding: 7bit
| | X-Priority: 3
| | X-MSMail-Priority: Normal
| | X-Newsreader: Microsoft Windows Mail 6.0.6000.16480
| | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
| | Message-ID: <#3fKcpV#HHA.4784@xxxxxxxxxxxxxxxxxxxx>
| | Newsgroups: microsoft.public.windows.file_system
| | NNTP-Posting-Host: gw.greenbriarequity.com 67.151.224.82
| | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.file_system:1529
| | X-Tomcat-NG: microsoft.public.windows.file_system
| |
| | How come anyone, even non authenticated users can see the SYSVOL and
| | NETLOGON folders? I just tested this from a non-domain machine and not
| only
| | was I able to view it, but I was able to edit the logon.bat in sysvol.
| |
| | HELP this is very scary!!!!!
| |
| |
|
|

.

References:
- SYSVOL/NETLOGON visibile by ALL USERS
  - From: SJMP
- RE: SYSVOL/NETLOGON visibile by ALL USERS
  - From: "Ken Zhao [MSFT]"

Prev by Date: Re: File names too long alert during copy
Next by Date: Re: File names too long alert during copy
Previous by thread: RE: SYSVOL/NETLOGON visibile by ALL USERS
Next by thread: Re: File names too long alert during copy
Index(es):
- Date
- Thread

Relevant Pages

Re: Local permissions for roaming profile to work
... I understand that you have created a shared folder Roaming$ to store the ... 1> The permissions of each username folder in the roaming profile share ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
RE: no OWA
... have the correct permissions was the "inetpub" folder. ... Correct the settings in IIS: ... click to check the "Hide All Microsoft Services" ...
(microsoft.public.windows.server.sbs)
Re: Minimum NTFS Permissions - Theres such a thing???
... ?2001 Microsoft Corporation. ... HOW TO: Set Minimum NTFS Permissions Required for IIS 5.0 to Work WGID:198 ... " List Folder Contents" ...
(microsoft.public.inetserver.iis.security)
Re: NTFRS 13552 and 13555 Erorrs on SBS 2003 Following Tornado
... restore the SYSVOL data from a domain ... a location that is on the same volume as the SYSVOL folder. ... Stop NetLogon and FRS on the domain controller. ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
Re: NTFRS 13552 and 13555 Erorrs on SBS 2003 Following Tornado
... restore the SYSVOL data from a domain ... a location that is on the same volume as the SYSVOL folder. ... Gather MPS network report on SBS: ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)