Solved

SYSVOL Permissions Issue On 2012 Datacenter

Posted on 2013-01-18
2
4,044 Views
Last Modified: 2013-01-22
Hi Experts

We have just upgraded our Active Directory Servers to 2012 Datacenter, AD, DNS & DHCP are working fine, but we are having some issues with Group Policy as follows:

We have a GPO that redirects the users doccuments and desktop to a network share but it isnt working, when I run GPRESULT /R it show that that policy has been applied, but when saving a file to the desktop it saves it on the C:
All our Users are running Win7 Enterprise

The second issue is when we change a GPO, and view the "Status" we get the following message:

The SYSVOL permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain controller.

Any help is greatly appreciated

Thanks

Jon
0
Comment
Question by:Jon C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Coffinated earned 500 total points
ID: 38795489
Hi,

check to sysvol permission and reset it if needed

They follow a standard NTFS permissions of the SYSVOL folder:
% SystemRoot% \ Windows \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
% SystemRoot% \ Windows \ Sysvol \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Group Policy Creator Owners: Read, Read & Execute, List Folder Contents, Modify, and Write
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
For each file or folder that is located in the% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Check the Allow inheritable permissions from parent to propagate to this object check box
Sysvol share permissions:

Administrators: Full Control
Authenticated Users: Full Control
Everyone: Read


As far as the redirection can you tell me how you redirected it? There may be a syntax error.
0
 

Author Closing Comment

by:Jon C
ID: 38806328
That sorted it, many thanks
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question