troubleshooting Question

SYSVOL folder permission security best practice ?

Avatar of Senior IT System Engineer
Senior IT System EngineerFlag for Australia asked on
Microsoft Server OSActive DirectoryOS SecuritySecurityExchange
14 Comments7 Solutions4223 ViewsLast Modified:
Hi All,

Can anyone here please let me know what's the security best practice for the SYSVOL folder in my domain controller ?
I've got about multiple (~12) Domain Controller/GlobalCatalog which is running 2008 R2 and 2012 R2.

From what I can see, authenticated users have unrestricted access to SYSVOL, which means they can edit logon scripts, GPO or do any malicious thing.

Any help would be greatly appreciated.

Join our community to see this answer!
Unlock 7 Answers and 14 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 7 Answers and 14 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros