?
Solved

What to do with SYSVOL and NETLOGON in the network view

Posted on 2004-08-20
8
Medium Priority
?
428 Views
Last Modified: 2012-08-14
When user browse to the PDC via "My Network Place" they can browse the SYSVOL and NETLOGON and see its content (seems to be MS default setting when setting up PDC) ... Is this something that should not be happening? Should I hide these directories or apply rights restriction on it? If so .. what kind?
0
Comment
Question by:SC2002Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
8 Comments
 
LVL 2

Accepted Solution

by:
TASINetwork earned 1000 total points
ID: 11851802
Users can only view those shares.  They must be accessible by everyone as the SYSVOL houses GPOs, etc. and NETLOGON houses your logon scripts.  They should be fine as is.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 11851905
Agreed.  SYSVOL and the backward-compatible NETLOGON (which is really just SYSVOL in disguise) are meant to be visible.  Users cannot do anything inside those shares - they have read-only access.

0
 

Author Comment

by:SC2002Admin
ID: 11854703
Is there anyway to make them invisible and yet not interfering with system operation? I would like to make none-user related stuff as transparent as possible.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 2

Expert Comment

by:TASINetwork
ID: 11854812
I know of no way to hide them without causing problems.  If you lock down those shares any more, you will most likely cause problems.
0
 

Author Comment

by:SC2002Admin
ID: 11862028
Is there a way to keep it invisible to users without causing problems?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 1000 total points
ID: 11862041
The only thing you could do is use a GPO to disable the ability to browse the network.  This won't prevent anyone from typing in the share at the Run line - \\servername\sysvol - and opening it, but it will prevent the casual browser.

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question