Granting Write Permission to a group for the SYSVOL

Posted on 2008-10-16
Last Modified: 2012-05-05
Hello all,
I have a requirement to provide a group of OU Administrators with the ability to create scripts.  Of course this entails granting that group write permission to the scripts directory.  I do not see a problem with this but would like to hear others' thoughts on this.  I would really appreciate hearing from anyone on this. Especially if you can think of a negative impact from doing this.

Thank you in advance.
Question by:Jim Stiveson
6 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22736772
Better to only grant write access to NETLOGON share as it's the same as the scripts folder.
0
 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22739991
henjoh09,

Thank you.  I should have clarified that. The NETLOGON share is what I was referring to.  Sometimes when I use that term it seems to make people think of NT 4.0.
I assume you do not see a problem with this?
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 500 total points
ID: 22740452
The only pure NT4-term I'm aware of is BDC that a lot of people incorrectly talk about when referring to multiple DCs in AD.

If you trust them, it shouldn't be a problem.
Just place the users in a group "NETLOGON Script Admins" or similar and set the share permission on the NETLOGON-share.
Also verify they have NTFS-write access to scripts-folder.
If you want to isolate the OU-Admins to not write to other OU's scripts, create subfolders under NETLOGON for each OU and grant the separate OU-Admin groups NTFS-write to the subfolder instead of the parent. Point the logon-scripts for the users to be OU-folder\logon.cmd instead of just logon.cmd or handle it dynamically inside logon.cmd.
0
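
The per-OU subfolder layout suggested in the answer above, as an added PowerShell example that is not part of the original thread. It covers the NTFS step only, treats "NTFS-write" as the Modify right, and then lists every account that can write under NETLOGON so the result can be reviewed. The domain `contoso.example`, the OU names and the group names are assumptions, and it is meant to be run by an account that already administers the share.

```powershell
# Added example. Assumed names (none come from the thread): domain contoso.example,
# OUs Sales and Engineering, and one admin group per OU.
$NetlogonRoot = '\\contoso.example\NETLOGON'
$OuGroups = @{
    'Sales'       = 'CONTOSO\Sales-OU-Admins'
    'Engineering' = 'CONTOSO\Engineering-OU-Admins'
}

foreach ($ou in $OuGroups.Keys) {
    $folder = Join-Path -Path $NetlogonRoot -ChildPath $ou
    if (-not (Test-Path -Path $folder)) {
        New-Item -Path $folder -ItemType Directory | Out-Null
    }

    # Modify on this subfolder and everything below it. Nothing is added on the
    # parent, so one OU's admins cannot change another OU's scripts.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $OuGroups[$ou], 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -Path $folder
    $acl.AddAccessRule($rule)
    Set-Acl -Path $folder -AclObject $acl
}

# Audit: every Allow ACE on NETLOGON and its first-level folders that carries a
# write-capable right. 0x2 is WriteData (part of Write, Modify and FullControl);
# 0x10000000 and 0x40000000 are GENERIC_ALL and GENERIC_WRITE, which Get-Acl
# reports as raw numbers instead of named rights.
$WriteBits = 0x2 -bor 0x10000000 -bor 0x40000000
$targets = @(Get-Item -Path $NetlogonRoot) + @(Get-ChildItem -Path $NetlogonRoot -Directory)
foreach ($dir in $targets) {
    (Get-Acl -Path $dir.FullName).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $WriteBits) -ne 0
        } |
        Select-Object @{ n = 'Folder'; e = { $dir.FullName } },
                      IdentityReference, FileSystemRights, IsInherited
}
```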
 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22740776
henjoh09,
Oh, I wasn't implying it was. Just an observation.  Anyhow, I thank you very much for your input. That sounds like a great idea and I think that is what I am going to go with.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22747545
My line about NT4-terms was just meaning that I don't see why some people misunderstand you as talking about NT4 when NETLOGON exists in all versions, and it would have been more confusing if talking about BDC in AD-environment as that is an old NT4-term.

It sounds like you're satisfied with the answer, so please click 'Accept as solution' to close the question.
0
 
LVL 1

Author Closing Comment

by:Jim Stiveson
ID: 31506933
Thank you for your input.
0
