Securing the Sysvol Share - Active Directory 2012

Experts,

I was wondering if there is a way to secure or remove the Sysvol share from Windows 2012 Active Directory. My end users are not tech savvy, but it is pretty scary to see that anyone in my network can go to \\Myserver\sysvol and see the share, access it and change it.

Are there any recommendations that I can use so that my end users cannot see this share without impacting my brand new installation of Windows 2012 Active Directory?

Thank you
0
Asked by: RandallVillalobos
Sarang Tinguria, Sr Engineer, Commented:
Sysvol holds the policies and logon scripts defined for the domain.
It should be shared on DCs; however, only read-only access should be given on the shares, which is required in order for policies to be applied.

There are no security breaches if sysvol is shared with default permissions and normal users are not given administrative rights.
0
 
waleeda Commented:
No one can change anything in the sysvol folder, as all authenticated users have read/execute permission only.

Please see the MS KB below:
http://support.microsoft.com/kb/812538
0
 
RandallVillalobos (Author) Commented:
Hello,

In order to understand correctly, my authenticated users will have read and execute access to the Sysvol folder?  No way around it?

Thanks!
0
 
Sarang Tinguria, Sr Engineer, Commented:
Yes, it's mandatory to have it in order for AD & FRS replication to work correctly ... and for policy to get applied on clients successfully.
0
 
Mike Kline Commented:
They shouldn't be able to change anything. This is why it is critical to not store passwords in scripts in sysvol. I've seen scripts that contain passwords of admin accounts. Like you said, most users are not savvy enough to even know that sysvol exists, but we worry about the smart attackers.


Thanks

Mike
0
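An added example, not part of any post in this thread: a read-only PowerShell audit of the two points made in the answers above, that broad groups hold only read/execute on SYSVOL and that scripts stored there contain no passwords. The parameter names, the SID list, the file extensions and the regular expression are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): read-only audit of SYSVOL.
# Assumption: run from a domain-joined host; $Domain defaults to the logged-on user's DNS domain.
param(
    [string]$Domain = $env:USERDNSDOMAIN,
    [string]$SysvolPath = "\\$Domain\SYSVOL\$Domain"
)

# Broad principals that should hold read/execute only, matched by SID so the
# check is independent of localized group names.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, BUILTIN\Users
$sidType   = [System.Security.Principal.SecurityIdentifier]

# Write-type bits: any of these lets the holder alter content or permissions.
# 0x50000000 = GENERIC_WRITE | GENERIC_ALL, which can appear unmapped in ACEs.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

$items = @(Get-Item -LiteralPath $SysvolPath) + @(Get-ChildItem -LiteralPath $SysvolPath -Recurse -Force -ErrorAction SilentlyContinue)

# 1. Permissions: report Allow ACEs that give a broad principal write-type rights.
foreach ($item in $items) {
    $rules = (Get-Acl -LiteralPath $item.FullName).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $isBroad = ($broadSids -contains $ace.IdentityReference.Value) -or
                   ($ace.IdentityReference.Value -match '^S-1-5-21-.+-513$')   # Domain Users
        if ($ace.AccessControlType -eq 'Allow' -and $isBroad -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            [pscustomobject]@{ Finding = 'WritableByBroadGroup'; Path = $item.FullName
                               Detail  = "$($ace.IdentityReference.Value): $($ace.FileSystemRights)" }
        }
    }
}

# 2. Secrets: flag script lines that look like embedded credentials.
# Only the file and line number are reported, never the matched text.
$pattern = '\b(password|passwd|pwd)\b\s*[:=]|\bnet\s+use\b.*/user:'
$items | Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(bat|cmd|ps1|vbs|kix|js)$' } |
    Select-String -Pattern $pattern |
    ForEach-Object {
        [pscustomobject]@{ Finding = 'PossibleCredential'; Path = $_.Path; Detail = "line $($_.LineNumber)" }
    }
```

If the permissions are as described in the answers above, the first check returns no rows; any `PossibleCredential` row needs a manual look at the named file, and a confirmed password should be changed as well as removed from the script.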
Question has a verified solution.