Solved

SYSVOL Permissions Issue On 2012 Datacenter

Posted on 2013-01-18
2
4,155 Views
Last Modified: 2013-01-22
Hi Experts

We have just upgraded our Active Directory Servers to 2012 Datacenter, AD, DNS & DHCP are working fine, but we are having some issues with Group Policy as follows:

We have a GPO that redirects the users doccuments and desktop to a network share but it isnt working, when I run GPRESULT /R it show that that policy has been applied, but when saving a file to the desktop it saves it on the C:
All our Users are running Win7 Enterprise

The second issue is when we change a GPO, and view the "Status" we get the following message:

The SYSVOL permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain controller.

Any help is greatly appreciated

Thanks

Jon
0
Comment
Question by:Jon C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Coffinated earned 500 total points
ID: 38795489
Hi,

check to sysvol permission and reset it if needed

They follow a standard NTFS permissions of the SYSVOL folder:
% SystemRoot% \ Windows \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
% SystemRoot% \ Windows \ Sysvol \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Group Policy Creator Owners: Read, Read & Execute, List Folder Contents, Modify, and Write
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
For each file or folder that is located in the% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Check the Allow inheritable permissions from parent to propagate to this object check box
Sysvol share permissions:

Administrators: Full Control
Authenticated Users: Full Control
Everyone: Read


As far as the redirection can you tell me how you redirected it? There may be a syntax error.
0
 

Author Closing Comment

by:Jon C
ID: 38806328
That sorted it, many thanks
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question