What to do with SYSVOL and NETLOGON in the network view

Posted on 2004-08-20
Last Modified: 2012-08-14
When user browse to the PDC via "My Network Place" they can browse the SYSVOL and NETLOGON and see its content (seems to be MS default setting when setting up PDC) ... Is this something that should not be happening? Should I hide these directories or apply rights restriction on it? If so .. what kind?
Question by:SC2002Admin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2

Accepted Solution

TASINetwork earned 250 total points
ID: 11851802
Users can only view those shares.  They must be accessible by everyone as the SYSVOL houses GPOs, etc. and NETLOGON houses your logon scripts.  They should be fine as is.
LVL 51

Expert Comment

ID: 11851905
Agreed.  SYSVOL and the backward-compatible NETLOGON (which is really just SYSVOL in disguise) are meant to be visible.  Users cannot do anything inside those shares - they have read-only access.


Author Comment

ID: 11854703
Is there anyway to make them invisible and yet not interfering with system operation? I would like to make none-user related stuff as transparent as possible.
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.


Expert Comment

ID: 11854812
I know of no way to hide them without causing problems.  If you lock down those shares any more, you will most likely cause problems.

Author Comment

ID: 11862028
Is there a way to keep it invisible to users without causing problems?
LVL 51

Assisted Solution

Netman66 earned 250 total points
ID: 11862041
The only thing you could do is use a GPO to disable the ability to browse the network.  This won't prevent anyone from typing in the share at the Run line - \\servername\sysvol - and opening it, but it will prevent the casual browser.


Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL ( and MongoDB (…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question