SYSVOL Sharing across network concern
Compliance, CRM, DataCenter, Disaster Recovery, Policies, Risk management, Security, Security management, Security Program Management, Tech support
Good morning to all. First off, let me thank everyone for their past help and support I have received from this search2000 group. I have a concern about a folder being shared across my network called SYSVOL. I know it is related to the Domain controller and maybe for scripts that have been added. In regards to SYSVOL, is it safe to have this shared across the network? Does it have to be shared where any user surfing the network can view it?
I'm using Win2003 Server Enterprise, and have a two servers sharing active directory as PDC and BDC.
Thanks again.
Edwin
Software/Hardware used:
Software/Hardware used:
ASKED:
June 7, 2005 9:51 AM
UPDATED:
June 7, 2005 3:24 PM
RELATED QUESTIONS
- Trying to Design a Split Database Access 2007/SQL Server Express
- Partitioning in SQL Server 2005/2008
- Virtual Apps vs. Virtual Desktops
- Print Server IP addresses
- The File Replication Service is having trouble enabling replication from DOMAIN to BDOMAIN for c:windowssysvoldomain using the DNS name domain.emba
Answer Wiki:
Yes SYSVOL needs to be shared. Essentially it holds any logon scripts, or Group Policies defined for the domain, and needs to be accessible by logon process on client PC's.
It is reasonably well protected, as long as you don't try and change default permissions on it.
If you don't use Group Policies, or logon scripts, you could hide it further, but there would be no point, as there wouldn't be anything there to see anyway.
To see all answers submitted to the Answer Wiki: View Answer History.
In addition, if you’re concerned about who can access it keep in mind that it’s only “Authenticated Users.” If you’re want to limit the entities that can be in that group try tightening your policies for being able to authenticate or join to the domain. Simply not including anonymous users in the Everyone group (one registry setting) will prevent any rouge entities from accessing this (and almost all other) shares.