RE: Sysvol and Netlogon Security Permissions
- From: Eric Westfall <EricWestfall@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 14 Dec 2009 12:17:01 -0800
Sukhwinder,
You need to consider the effective permissions of the SYSVOL directory /
share. When combining Share + NTFS permissions, remember that the most
restrictive permissions will apply. For example, by default the SYSVOL share
allows read-only access to the Everyone user context. However, the NTFS
permissions for the SYSVOL folder (C:\Windows\SYSVOL be default) restrict
read-only access to the Authenticated Users context.
So by default, only domain authenticated users will be granted read
privileges to the SYSVOL share. In theory, you could match the share
permissions to the NTFS permissions and not effect the functionality of the
SYSVOL share; however this is not recommended and wouldn't really net you any
benefits.
I hope that answers your question a little better.
--
Eric Westfall
"Sukhwinder Singh" wrote:
Dear All,.
I need some information on the ACL of Sysvol and Netlogon folders. We have
everyone having read in the share permission of both SYSVOL and NETLOGON. In
Share permission of Sysvol we have authenticated users having full access.
Kindly let me know if we can replace Everyone with Authenticated users and
what may be the impact of modifying the ACl of these two folders.
Thanks and Regards,
Sukhwinder Singh
- References:
- Sysvol and Netlogon Security Permissions
- From: Sukhwinder Singh
- Sysvol and Netlogon Security Permissions
- Prev by Date: RE: Login to AD from one VLAN to another
- Next by Date: Re: User permission
- Previous by thread: Re: Sysvol and Netlogon Security Permissions
- Next by thread: Update attribute using ldp
- Index(es):
Relevant Pages
|
