We help IT Professionals succeed at work.
Get Started

SYSVOL folder permission security best practice ?

Last Modified: 2018-05-24
Hi All,

Can anyone here please let me know what's the security best practice for the SYSVOL folder in my domain controller ?
I've got about multiple (~12) Domain Controller/GlobalCatalog which is running 2008 R2 and 2012 R2.

From what I can see, authenticated users have unrestricted access to SYSVOL, which means they can edit logon scripts, GPO or do any malicious thing.

Any help would be greatly appreciated.

Watch Question
Distinguished Expert 2020
This problem has been solved!
Unlock 7 Answers and 14 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE