Guest Jake Posted August 29, 2007 Posted August 29, 2007 Hi, When I browse from a workstation to a newly installed w2203 server I see the two shares: netlogon sysvol In the netlogon share I can list all the logon scripts and open them, but not modify anything. In the sysvol share I can see all the subfolders (named policies with guids etc and open files), but I cannot not modify anything. Is this normal? I would prefer that 'normal' users should not be able to list folder contents except for the logon file assigned to their account. Thanks for comments on default security settings on these folders / files. jake
Guest Meinolf Weber Posted August 29, 2007 Posted August 29, 2007 Re: Shared sysvol and netlogon Hello Jake, This folders have all policies, scripts et.c stored, so every user and computer must have the rights to this folders. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > Hi, > > When I browse from a workstation to a newly installed w2203 server I > see the two shares: > > netlogon > sysvol > In the netlogon share I can list all the logon scripts and open them, > but not modify anything. > > In the sysvol share I can see all the subfolders (named policies with > guids etc and open files), but I cannot not modify anything. > > Is this normal? I would prefer that 'normal' users should not be able > to list folder contents except for the logon file assigned to their > account. > > Thanks for comments on default security settings on these folders / > files. > > jake >
Guest Jake Posted August 29, 2007 Posted August 29, 2007 Re: Shared sysvol and netlogon Meinolf Weber skreiv: > Hello Jake, > > This folders have all policies, scripts et.c stored, so every user and > computer must have the rights to this folders. > > Best regards > > Meinolf Weber This means that they are able to open and view even the admins' logon scripts which often have 'hidden' share mappings... Do they need to be able to browse folder contents? jake
Guest Mathieu CHATEAU Posted August 29, 2007 Posted August 29, 2007 Re: Shared sysvol and netlogon Hello, your security level wouldn't be based on "hidding things".. Hidding share is not meant to protect but to not mess up user with useless things for them -- Cordialement, Mathieu CHATEAU http://lordoftheping.blogspot.com "Jake" <jake44@gmail.com> wrote in message news:ewn6JLk6HHA.5136@TK2MSFTNGP02.phx.gbl... > Meinolf Weber skreiv: >> Hello Jake, >> >> This folders have all policies, scripts et.c stored, so every user and >> computer must have the rights to this folders. >> >> Best regards >> >> Meinolf Weber > > > This means that they are able to open and view even the admins' logon > scripts which often have 'hidden' share mappings... > > Do they need to be able to browse folder contents? > > jake
Recommended Posts