
Granting Write Permission to a group for the SYSVOL

Posted on 2008-10-16
Last Modified: 2012-05-05
Hello all,
I have a requirement to provide a group of OU Administrators with the ability to create scripts.  Of course this entails granting that group write permission to the scripts directory.  I do not see a problem with this but would like to hear others' thoughts on this.  I would really appreciate hearing from anyone on this, especially if you can think of a negative impact from doing this.

Thank you in advance.
Question by: Jim Stiveson

6 Comments

LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22736772
Better to only grant write access to NETLOGON share as it's the same as the scripts folder.
0
 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22739991
henjoh09,

Thank you.  I should have clarified that. The NETLOGON share is what I was referring to.  Sometimes when I use that term it seems to make people think of NT 4.0.
I assume you do not see a problem with this?
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 500 total points
ID: 22740452
The only pure NT4 term I'm aware of is BDC, which a lot of people incorrectly talk about when referring to multiple DCs in AD.

If you trust them, it shouldn't be a problem.
Just place the users in a group "NETLOGON Script Admins" or similar and set the share permission on the NETLOGON share.
Also verify they have NTFS write access to the scripts folder.
If you want to isolate the OU admins so they cannot write to other OUs' scripts, create subfolders under NETLOGON for each OU and grant the separate OU admin groups NTFS write to the subfolder instead of the parent. Point the logon scripts for the users to OU-folder\logon.cmd instead of just logon.cmd, or handle it dynamically inside logon.cmd.
0
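
The per-OU layout described in the answer above, as an added PowerShell example (not code from the thread): it creates one subfolder per OU with Modify granted only there, then audits which principals can write, since scripts in NETLOGON run in the context of the users who log on. The domain name, OU folder names, group names and baseline list are placeholders assumed for illustration; the share permission on NETLOGON is set separately.

```powershell
# Placeholders (assumptions, not from the thread): domain, OU folders, group names.
$NetlogonRoot  = '\\corp.example\NETLOGON'
$OuAdminGroups = @{ 'Sales' = 'CORP\Sales Script Admins'; 'Finance' = 'CORP\Finance Script Admins' }
# Principals expected to hold write access on SYSVOL; adjust to your own baseline.
$Baseline  = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'
# Specific write-type rights only, so read-only ACEs do not match.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$GenericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, seen on inherit-only ACEs

# 1. One subfolder per OU; the OU's group gets Modify there, nothing on the parent.
foreach ($ou in $OuAdminGroups.Keys) {
    $dir = Join-Path $NetlogonRoot $ou
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $acl  = Get-Acl -Path $dir
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $OuAdminGroups[$ou], 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $dir -AclObject $acl
}

# 2. Report every Allow ACE that can change a script and is not on the expected list.
function Get-UnexpectedWriter {
    param([string]$Root, [string[]]$Allowed, [switch]$Recurse)
    $items = @(Get-Item -Path $Root)
    if ($Recurse) { $items += @(Get-ChildItem -Path $Root -Recurse -Force) }
    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -Path $item.FullName).Access) {
            $rights   = [int]$ace.FileSystemRights
            $canWrite = ($rights -band $WriteBits) -or ($rights -band $GenericWriteOrAll)
            if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
                $Allowed -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Path     = $item.FullName
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                }
            }
        }
    }
}

# Parent folder: baseline only. Each OU folder: baseline plus its own group.
Get-UnexpectedWriter -Root $NetlogonRoot -Allowed $Baseline
foreach ($ou in $OuAdminGroups.Keys) {
    Get-UnexpectedWriter -Root (Join-Path $NetlogonRoot $ou) -Recurse `
        -Allowed ($Baseline + $OuAdminGroups[$ou])
}
```

Any row returned is a principal with write access that the layout does not account for, such as an OU group that was granted rights on the parent folder or on another OU's subfolder.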

 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22740776
henjoh09,
Oh, I wasn't implying it was. Just an observation.  Anyhow, I thank you very much for your input. That sounds like a great idea and I think that is what I am going to go with.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22747545
My line about NT4 terms just meant that I don't see why some people misunderstand you as talking about NT4 when NETLOGON exists in all versions, and it would have been more confusing if talking about BDC in an AD environment, as that is an old NT4 term.

It sounds like you're satisfied with the answer, so please click 'Accept as solution' to close the question.
0
 
LVL 1

Author Closing Comment

by:Jim Stiveson
ID: 31506933
Thank you for your input.
0
