Solved

Granting Write Permission to a group for the SYSVOL

Posted on 2008-10-16
6
1,474 Views
Last Modified: 2012-05-05
Hello all,
I have a requirement to provide a group of OU Administrators with the ability to create scripts.  Of course this entails granting that group write permission to the scripts directory.  I do not see a problem with this but would like to hear other's thoughts on this.  I would really appreciate hearing from anyone on this. Especially if you can think of a negative impact from doing this.

Thank you in advance.
0
Comment
Question by:Jim Stiveson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 125 total points
ID: 22736772
Better to only grant write access to NETLOGON share as it's the same as the scripts folder.
0
 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22739991
henjoh09,

Thank you.  I should have clarified that. The NETLOGON share is what I was refering to.  Sometimes when I use that term it seems to make people think of NT 4.0.
I assume you do not see a problem with this?
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 125 total points
ID: 22740452
The only pure NT4-term I'm aware of is BDC that alot of people incorrectly talks about when referring to multiple DCs in AD.

If you trust them, it shouldn't be a problem.
Just place the users in a group "NETLOGON Script Admins" or similar and set the share permission on the NETLOGON-share.
Also verify they have NTFS-write access to scripts-folder.
If you want to isolate the OU-Admins to not write to other OU's scripts, create subfolders under NETLOGON for each OU and grant the separate OU-Admin groups NTFS-write to the subfolder instead of the parent. Point the logon-scripts for the users to be OU-folder\logon.cmd instead of just logon.cmd or handle it dynamically inside logon.cmd
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:Jim Stiveson
ID: 22740776
henjoh09,
Oh, I wasn't implying it was. Just an observation.  Anyhow, I thank you very much for your input. That sounds like a great idea and I think that is what I am going to go with.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22747545
My line about NT4-terms was just meaning that I don't see why some people missunderstand you as talking about NT4 when NETLOGON exist in all versions, and it would had been more confusing if talking about BDC in AD-environment as that is old NT4-term.

It sounds like your satisified with the answer, so please click 'Accept as solution' to close the question.
0
 
LVL 1

Author Closing Comment

by:Jim Stiveson
ID: 31506933
Thank you for your input.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ntp server 15 81
Enabling flash installation using GPO 2 53
change password for AD retention policy and Citrix 2 85
DNS Record Manupluation 11 41
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question