Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

All Netlogon content got disappeared

Posted on 2011-10-14
1
Medium Priority
?
505 Views
Last Modified: 2012-05-12
Hi Experts,

For the second time in a month, all files from Netlogon have disappeared. Only domain admins group has write permissions on sysvol tree.

There is no replication issue in place. If I create a file on a DC, it get replicated to others in minutes.

I have 5 sites and 10 DC's.

The first time the problem raised, the folder SCRIPTS itself was removed. This time only the content got removed.

If I copy all files back from backup, they get replicated again without any issue..

I suspected of human errors. Talked to all domain admins and they said nothing was being done by the time the files were removed.

Sysvol is excluded from antivirus scanning.

Object Acess Auditing had been enabled on sysvol folders for deletion. But I couldn't find anything useless in the security logs since it is so huge and from 500.000 entries maybe on or two has some to do with the problem. I don't have any log parser.

I don't think it's a replication issue, since if there is a conflict, the file would get renamed not deleted.

Any idea?

Tks

Rodrigo Garcone
0
Comment
Question by:garconer
1 Comment
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 36971930
The netlogon content will not be deleted automatically it seems some one has deleted the same from one server and the same got replicated to other server as well.

I would recommend to enable auditing on the sysvol folder the next time if occurs you will get evidence from which userid it was done.

Reference link:
http://support.microsoft.com/kb/300549
http://www.techrepublic.com/article/step-by-step-how-to-audit-file-and-folder-access-to-improve-windows-2000-pro-security/5034308

0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question