Hiding sysvol and netlogon

Kiwihk

60 pts.

Tags:

Microsoft Windows Server 2003

Microsoft Windows XP

NETLOGON

SYSVOL

We have a Windows 2003 server with XP pro client, when the user logins to the domain they could browse the network or type in the UNC path and see the netlogon or sysvol, how do I hid this from the domain users, I think I tried setting no read permissions on those foldes but login script didn't work after that.

Asked: February 29, 2008 3:34 AM Last updated: March 4, 2008 3:35 PM

Answer Wiki

Last updated: February 29, 2008 2:14 PM GMT

Jerry Lees5,335 pts.
History
Contributors
- Ordered by most recent
- Jerry Lees5,335 pts.

Thanks. We'll let you know when a new response is added.

That is correct. These two shares are integral to windows logins and login scripts working. They are supposed to be visible to clients. Basically, don’t put anything in there that isn’t supposed to be readable by everyone.

These are also the shares that are used by domain controllers for replication of Group policy information and such.

I can’t stress enough, you <i><b>NEED </b></i>these shares.

the default permissions for both shares is read for all users, ntfs is read and execute. as long as you aren’t using these shares for anything else, this shouldn’t cause you any problems.

Discuss This Question: 2 Replies

Wrobinson Feb 29, 2008 3:20 PM GMT

That's exactly right. These shares support server and client activity such as logon scripts, group policy and replication. Do not alter security in any way.

5,625 pointsBadges:

report
Jerry Lees Mar 4, 2008 3:35 PM GMT

Looks like you've asked this question again. May I ask why you believe you want to do this, so I can possibly offer you a different solution that will meet your needs without breaking active directory?

5,335 pointsBadges:

report