Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SYSVOL Permissions Issue On 2012 Datacenter

Posted on 2013-01-18
2
3,983 Views
Last Modified: 2013-01-22
Hi Experts

We have just upgraded our Active Directory Servers to 2012 Datacenter, AD, DNS & DHCP are working fine, but we are having some issues with Group Policy as follows:

We have a GPO that redirects the users doccuments and desktop to a network share but it isnt working, when I run GPRESULT /R it show that that policy has been applied, but when saving a file to the desktop it saves it on the C:
All our Users are running Win7 Enterprise

The second issue is when we change a GPO, and view the "Status" we get the following message:

The SYSVOL permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain controller.

Any help is greatly appreciated

Thanks

Jon
0
Comment
Question by:Jon C
2 Comments
 
LVL 5

Accepted Solution

by:
Coffinated earned 500 total points
ID: 38795489
Hi,

check to sysvol permission and reset it if needed

They follow a standard NTFS permissions of the SYSVOL folder:
% SystemRoot% \ Windows \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
% SystemRoot% \ Windows \ Sysvol \ Sysvol

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain

Clear the Allow inheritable permissions from parent to propagate to this object check box
% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Clear the Allow inheritable permissions from parent to propagate to this object check box
Administrators: Full Control
Authenticated Users: Read, Read & Execute, List Folder Contents and
Creator Owner: Nothing selected
Group Policy Creator Owners: Read, Read & Execute, List Folder Contents, Modify, and Write
Server Operators: Read, Read & Execute, List Folder Contents and
System: Full Control
For each file or folder that is located in the% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

Check the Allow inheritable permissions from parent to propagate to this object check box
Sysvol share permissions:

Administrators: Full Control
Authenticated Users: Full Control
Everyone: Read


As far as the redirection can you tell me how you redirected it? There may be a syntax error.
0
 

Author Closing Comment

by:Jon C
ID: 38806328
That sorted it, many thanks
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
User Being Logged Out of AD 6 65
Active Directory/sub domain vs root domain 3 29
Domian name change 12 23
Advanced Auditing issue 3 21
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question