Jump to content

Shared sysvol and netlogon

Guest Jake

By Guest Jake
in Windows 2003 Server

 Share

Recommended Posts

Guest Jake

Guest Jake

Posted
Posted

Hi,

 

When I browse from a workstation to a newly installed w2203 server I see

the two shares:

 

netlogon

sysvol

 

In the netlogon share I can list all the logon scripts and open them,

but not modify anything.

 

In the sysvol share I can see all the subfolders (named policies with

guids etc and open files), but I cannot not modify anything.

 

Is this normal? I would prefer that 'normal' users should not be able

to list folder contents except for the logon file assigned to their account.

 

Thanks for comments on default security settings on these folders / files.

 

jake

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Shared sysvol and netlogon

 

Hello Jake,

 

This folders have all policies, scripts et.c stored, so every user and computer

must have the rights to this folders.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

> Hi,

>

> When I browse from a workstation to a newly installed w2203 server I

> see the two shares:

>

> netlogon

> sysvol

> In the netlogon share I can list all the logon scripts and open them,

> but not modify anything.

>

> In the sysvol share I can see all the subfolders (named policies with

> guids etc and open files), but I cannot not modify anything.

>

> Is this normal? I would prefer that 'normal' users should not be able

> to list folder contents except for the logon file assigned to their

> account.

>

> Thanks for comments on default security settings on these folders /

> files.

>

> jake

>

Guest Jake

Guest Jake

Posted
Posted

Re: Shared sysvol and netlogon

 

Meinolf Weber skreiv:

> Hello Jake,

>

> This folders have all policies, scripts et.c stored, so every user and

> computer must have the rights to this folders.

>

> Best regards

>

> Meinolf Weber

 

 

This means that they are able to open and view even the admins' logon

scripts which often have 'hidden' share mappings...

 

Do they need to be able to browse folder contents?

 

jake

Guest Mathieu CHATEAU

Guest Mathieu CHATEAU

Posted
Posted

Re: Shared sysvol and netlogon

 

Hello,

 

your security level wouldn't be based on "hidding things"..

Hidding share is not meant to protect but to not mess up user with useless

things for them

 

--

Cordialement,

Mathieu CHATEAU

http://lordoftheping.blogspot.com

 

 

"Jake" <jake44@gmail.com> wrote in message

news:ewn6JLk6HHA.5136@TK2MSFTNGP02.phx.gbl...

> Meinolf Weber skreiv:

>> Hello Jake,

>>

>> This folders have all policies, scripts et.c stored, so every user and

>> computer must have the rights to this folders.

>>

>> Best regards

>>

>> Meinolf Weber

>

>

> This means that they are able to open and view even the admins' logon

> scripts which often have 'hidden' share mappings...

>

> Do they need to be able to browse folder contents?

>

> jake

 Share
Go to topic listing
×
×
  • Create New...