Solved

What to do with SYSVOL and NETLOGON in the network view

Posted on 2004-08-20
8
426 Views
Last Modified: 2012-08-14
When user browse to the PDC via "My Network Place" they can browse the SYSVOL and NETLOGON and see its content (seems to be MS default setting when setting up PDC) ... Is this something that should not be happening? Should I hide these directories or apply rights restriction on it? If so .. what kind?
0
Comment
Question by:SC2002Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
8 Comments
 
LVL 2

Accepted Solution

by:
TASINetwork earned 250 total points
ID: 11851802
Users can only view those shares.  They must be accessible by everyone as the SYSVOL houses GPOs, etc. and NETLOGON houses your logon scripts.  They should be fine as is.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 11851905
Agreed.  SYSVOL and the backward-compatible NETLOGON (which is really just SYSVOL in disguise) are meant to be visible.  Users cannot do anything inside those shares - they have read-only access.

0
 

Author Comment

by:SC2002Admin
ID: 11854703
Is there anyway to make them invisible and yet not interfering with system operation? I would like to make none-user related stuff as transparent as possible.
0
Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

 
LVL 2

Expert Comment

by:TASINetwork
ID: 11854812
I know of no way to hide them without causing problems.  If you lock down those shares any more, you will most likely cause problems.
0
 

Author Comment

by:SC2002Admin
ID: 11862028
Is there a way to keep it invisible to users without causing problems?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 11862041
The only thing you could do is use a GPO to disable the ability to browse the network.  This won't prevent anyone from typing in the share at the Run line - \\servername\sysvol - and opening it, but it will prevent the casual browser.

0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question