JSI Tip 7515. The Authenticated Users group in Windows Server 2003 has Full Control of the SYSVOL share?

The Authenticated Users group should only have Read share-level permission for the SYSVOL share.

Even though the underlying NTFS permissions on the %SystemRoot%\Sysvol\Sysvol folder DO NOT allow an Authenticated Users to write or change anything, if the ACL was accidentally changed, members of the Authenticated Users could have write or Full Control permissions on the SYSVOL folders and files.

To correct this problem:

1. Use Windows Explorer, or My Computer, to browse to %SystemRoot%\Sysvol\Sysvol.

2. Right-click the folder and press Sharing and Security.

3. Press Permissions.

4. Select Authenticated Users.

5. Clear the Full Control and Change boxes in the Allow column.

6. Press OK and OK.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish