[Samba] Samba4 and sysvol share
felix at epepm.cupet.cu
felix at epepm.cupet.cu
Wed Sep 28 05:59:15 MDT 2011
>> On 27/09/2011 13:07, felix at epepm.cupet.cu wrote:
>>> Hello.
>>> I noticed that any domain user can delete the content of the shared
>>> folder
>>> sysvol in the domain controller from a windows client.
>>>
>>> How can I avoid that?
>>>
>>> Greetings,
>>> Felix
>>>
>> What's the default windows behavior with this ?
>>
>> Matthieu.
>>
> Windows users Windows permissions
> -------------------------------------------------
> Domain Admins-----------> Full Access
> Authenticated Users------> Read & Execute, List folder contents, Read
> CREATOR OWNER-----------> Special permissions (Maybe we don't need this)
> Server Operators--------> Read & Execute, List folder contents, Read
> SYSTEM------------------> Full Access
>
I think that what it is needed here is:
Domain Admins-------------> Full Access
and everybody else--------> Read & Execute, List folder contents, Read
I think that GPOs and some scripts are delivered to windows clients
through sysvol, that's why I don't want any of my users to be able to
delete the sysvol content.
What should I do to accomplish that goal?
Thanks in advance.
Felix.
More information about the samba
mailing list