[Samba] Samba4 and sysvol share

felix at epepm.cupet.cu felix at epepm.cupet.cu
Wed Sep 28 05:59:15 MDT 2011

>> On 27/09/2011 13:07, felix at epepm.cupet.cu wrote:
>>> Hello.
>>> I noticed that any domain user can delete the content of the shared
>>> folder
>>> sysvol in the domain controller from a windows client.
>>> How can I avoid that?
>>> Greetings,
>>> Felix
>> What's the default windows behavior with this ?
>> Matthieu.
> Windows users              Windows permissions
> -------------------------------------------------
> Domain Admins-----------> Full Access
> Authenticated Users------> Read & Execute, List folder contents, Read
> CREATOR OWNER-----------> Special permissions (Maybe we don't need this)
> Server Operators--------> Read & Execute, List folder contents, Read
> SYSTEM------------------> Full Access

I think that what it is needed here is:
Domain Admins-------------> Full Access
and everybody else--------> Read & Execute, List folder contents, Read

I think that GPOs and some scripts are delivered to windows clients
through sysvol, that's why I don't want any of my users to be able to
delete the sysvol content.

What should I do to accomplish that goal?

Thanks in advance.

More information about the samba mailing list