Shared sysvol and netlogon

  • Thread starter Thread starter Jake
  • Start date Start date
J

Jake

Guest
Hi,

When I browse from a workstation to a newly installed w2203 server I see
the two shares:

netlogon
sysvol

In the netlogon share I can list all the logon scripts and open them,
but not modify anything.

In the sysvol share I can see all the subfolders (named policies with
guids etc and open files), but I cannot not modify anything.

Is this normal? I would prefer that 'normal' users should not be able
to list folder contents except for the logon file assigned to their account.

Thanks for comments on default security settings on these folders / files.

jake
 
Re: Shared sysvol and netlogon

Hello Jake,

This folders have all policies, scripts et.c stored, so every user and computer
must have the rights to this folders.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

> Hi,
>
> When I browse from a workstation to a newly installed w2203 server I
> see the two shares:
>
> netlogon
> sysvol
> In the netlogon share I can list all the logon scripts and open them,
> but not modify anything.
>
> In the sysvol share I can see all the subfolders (named policies with
> guids etc and open files), but I cannot not modify anything.
>
> Is this normal? I would prefer that 'normal' users should not be able
> to list folder contents except for the logon file assigned to their
> account.
>
> Thanks for comments on default security settings on these folders /
> files.
>
> jake
>
 
Re: Shared sysvol and netlogon

Meinolf Weber skreiv:
> Hello Jake,
>
> This folders have all policies, scripts et.c stored, so every user and
> computer must have the rights to this folders.
>
> Best regards
>
> Meinolf Weber


This means that they are able to open and view even the admins' logon
scripts which often have 'hidden' share mappings...

Do they need to be able to browse folder contents?

jake
 
Re: Shared sysvol and netlogon

Hello,

your security level wouldn't be based on "hidding things"..
Hidding share is not meant to protect but to not mess up user with useless
things for them

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"Jake" <jake44@gmail.com> wrote in message
news:ewn6JLk6HHA.5136@TK2MSFTNGP02.phx.gbl...
> Meinolf Weber skreiv:
>> Hello Jake,
>>
>> This folders have all policies, scripts et.c stored, so every user and
>> computer must have the rights to this folders.
>>
>> Best regards
>>
>> Meinolf Weber
>
>
> This means that they are able to open and view even the admins' logon
> scripts which often have 'hidden' share mappings...
>
> Do they need to be able to browse folder contents?
>
> jake
 
Back
Top