Solved

Granting Write Permission to a group for the SYSVOL

Posted on 2008-10-16
6
1,467 Views
Last Modified: 2012-05-05
Hello all,
I have a requirement to provide a group of OU Administrators with the ability to create scripts.  Of course this entails granting that group write permission to the scripts directory.  I do not see a problem with this but would like to hear other's thoughts on this.  I would really appreciate hearing from anyone on this. Especially if you can think of a negative impact from doing this.

Thank you in advance.
0
Comment
Question by:Jim Stiveson
  • 3
  • 3
6 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 125 total points
ID: 22736772
Better to only grant write access to NETLOGON share as it's the same as the scripts folder.
0
 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22739991
henjoh09,

Thank you.  I should have clarified that. The NETLOGON share is what I was refering to.  Sometimes when I use that term it seems to make people think of NT 4.0.
I assume you do not see a problem with this?
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 125 total points
ID: 22740452
The only pure NT4-term I'm aware of is BDC that alot of people incorrectly talks about when referring to multiple DCs in AD.

If you trust them, it shouldn't be a problem.
Just place the users in a group "NETLOGON Script Admins" or similar and set the share permission on the NETLOGON-share.
Also verify they have NTFS-write access to scripts-folder.
If you want to isolate the OU-Admins to not write to other OU's scripts, create subfolders under NETLOGON for each OU and grant the separate OU-Admin groups NTFS-write to the subfolder instead of the parent. Point the logon-scripts for the users to be OU-folder\logon.cmd instead of just logon.cmd or handle it dynamically inside logon.cmd
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22740776
henjoh09,
Oh, I wasn't implying it was. Just an observation.  Anyhow, I thank you very much for your input. That sounds like a great idea and I think that is what I am going to go with.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22747545
My line about NT4-terms was just meaning that I don't see why some people missunderstand you as talking about NT4 when NETLOGON exist in all versions, and it would had been more confusing if talking about BDC in AD-environment as that is old NT4-term.

It sounds like your satisified with the answer, so please click 'Accept as solution' to close the question.
0
 
LVL 1

Author Closing Comment

by:Jim Stiveson
ID: 31506933
Thank you for your input.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM Active Directory Audit functions 2 27
Multi Factor Authentication 3 43
BgInfo help 5 57
Unable to hit site 2 23
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question