We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
COURSE of the MONTH
14 days, 22 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Securing the Sysvol Share - Active Directory 2012
Posted on 2013-01-02
Experts,
I was wondering if there is a way to secure or Remove the Sysvol share from Windows 2012 Active Directory. My end users are not tech savy, but it is pretty scary to see that anyone in my network can \\Myserver\sysvol and see the share, access and change.
Are there any recommendations that I can use so that my end users can not see this share without impacting my brand new installation of windows 2012 active directory?
Thank you
I was wondering if there is a way to secure or Remove the Sysvol share from Windows 2012 Active Directory. My end users are not tech savy, but it is pretty scary to see that anyone in my network can \\Myserver\sysvol and see the share, access and change.
Are there any recommendations that I can use so that my end users can not see this share without impacting my brand new installation of windows 2012 active directory?
Thank you
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
- +1
5 Comments
Active 1 day ago
Sysvol holds the policies and logon scripts defined for domain
It should be shared on DC's However only Read only access should be give on shares which is required in order to get policies applied
There are no security breaches if the sysvol is shared with default permissions and normal users are not given administative rights
It should be shared on DC's However only Read only access should be give on shares which is required in order to get policies applied
There are no security breaches if the sysvol is shared with default permissions and normal users are not given administative rights
no one can change anything in the sysvol folder as all authenticated user has read/execute permission only.
please see the below MS KB
http://support.microsoft.com/kb/812538
please see the below MS KB
http://support.microsoft.com/kb/812538
Hello,
In order to understand correctly, my authenticated users will have read and execute access to the Sysvol folder? No way around it?
Thanks!
In order to understand correctly, my authenticated users will have read and execute access to the Sysvol folder? No way around it?
Thanks!
Active 1 day ago
Yes, its mandatory to have it in order AD & FRS replication to work correctly ....to policy to get applied on clients successfuly
They shouldn't be able to change anything. This is why it is critical to not store passwords in scripts in sysvol. I've seen scripts that contain passwords of admin accounts. Like you said most users are not savvy enough to even know that sysvol exists but we worry about the smart attackers.
Thanks
Mike
Thanks
Mike
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s
ManageEngine
webinar, where attendees received a comprehensive look at the ma…
Let's recap what we learned from yesterday's Skyport Systems webinar.
- Ransomware
- Experts Exchange
- Skyport Systems
- Active Directory
- Security
- *privileged credentials
Attackers love to prey on accounts that have privileges.
Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month14 days, 22 hours left to enroll
771 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.