[Samba] Samba4 and sysvol share
felix at epepm.cupet.cu
felix at epepm.cupet.cu
Wed Sep 28 12:55:53 MDT 2011
> On 28/09/2011 04:59, felix at epepm.cupet.cu wrote:
>>>> On 27/09/2011 13:07, felix at epepm.cupet.cu wrote:
>>>>> Hello.
>>>>> I noticed that any domain user can delete the content of the shared
>>>>> folder
>>>>> sysvol in the domain controller from a windows client.
>>>>>
>>>>> How can I avoid that?
>>>>>
>>>>> Greetings,
>>>>> Felix
>>>>>
>>>> What's the default windows behavior with this ?
>>>>
>>>> Matthieu.
>>>>
>>> Windows users Windows permissions
>>> -------------------------------------------------
>>> Domain Admins-----------> Full Access
>>> Authenticated Users------> Read& Execute, List folder contents, Read
>>> CREATOR OWNER-----------> Special permissions (Maybe we don't need
>>> this)
>>> Server Operators--------> Read& Execute, List folder contents, Read
>>> SYSTEM------------------> Full Access
>>>
>> I think that what it is needed here is:
>> Domain Admins-------------> Full Access
>> and everybody else--------> Read& Execute, List folder contents, Read
>>
>> I think that GPOs and some scripts are delivered to windows clients
>> through sysvol, that's why I don't want any of my users to be able to
>> delete the sysvol content.
>>
>> What should I do to accomplish that goal?
> In theory we should have the ACLs ok, I have to check this things but it
> won't be before next week I'm at IOLAB with microsoft this week focusing
> on FRS replication.
>
>
> Sorry.
>
> Matthieu.
>
I understand. I'll be waiting for an answer.
Thanks.
Felix.
More information about the samba
mailing list