File Security Risk

Posted on 2011-02-28
Medium Priority
Last Modified: 2012-06-21
I've found a server on our network that I can access remotely just by browsing in Windows Explorer (starting from My Network Places and drilling down).

I can drill all the way down until I find, for instance, the following file:

\\server-here\SYSVOL\domain-here.domain.org\Policies\{9AF8586C-819F-truncated}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf

First of all, what is this file? Secondly, is access to this path and file a security risk, and if so, what are the risks?

Thanks guys.
Question by:isaacr25
1 Comment

Accepted Solution

mnation1 earned 2000 total points
ID: 35004042
You've found the network share that serves out your domain's Group Policy settings to the computers on the domain.  That file contains your default security policy settings.  Everyone on the network should have read-only permissions to the folder you found, but not modify or write permissions.  Each machine and user needs to be able to read those settings so they can be downloaded and applied to each computer/user.

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A basic introduction to Website Security and the absolute minimal steps that anyone should take in order to protect against hostile intrusions. This is offered as a guide to getting started, not an exhaustive list of all precautions. Enjoy...
Cloud computing is a model of provisioning IT services. By combining many servers into one large pool and providing virtual machines from that resource pool, it provides IT services that let customers acquire resources at any time and get rid of the…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question