Improve company productivity with a Business Account.Sign Up

x
?
Solved

SYSVOL Permissions Issue On 2012 Datacenter

Posted on 2013-01-18
2
Medium Priority
?
4,556 Views
Last Modified: 2013-01-22
Hi Experts

We have just upgraded our Active Directory Servers to 2012 Datacenter, AD, DNS & DHCP are working fine, but we are having some issues with Group Policy as follows:

We have a GPO that redirects the users doccuments and desktop to a network share but it isnt working, when I run GPRESULT /R it show that that policy has been applied, but when saving a file to the desktop it saves it on the C:
All our Users are running Win7 Enterprise

The second issue is when we change a GPO, and view the "Status" we get the following message:

The SYSVOL permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain controller.

Any help is greatly appreciated

Thanks

Jon
0
Comment
Question by:Jon C
2 Comments
 
LVL 5

Accepted Solution

by:
Coffinated earned 2000 total points
ID: 38795489
Hi,

check to sysvol permission and reset it if needed

They follow a standard NTFS permissions of the SYSVOL folder:
% SystemRoot% \ Windows \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
% SystemRoot% \ Windows \ Sysvol \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Group Policy Creator Owners: Read, Read & Execute, List Folder Contents, Modify, and Write
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
For each file or folder that is located in the% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Check the Allow inheritable permissions from parent to propagate to this object check box
Sysvol share permissions:

Administrators: Full Control
Authenticated Users: Full Control
Everyone: Read


As far as the redirection can you tell me how you redirected it? There may be a syntax error.
0
 

Author Closing Comment

by:Jon C
ID: 38806328
That sorted it, many thanks
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question