[Samba] improving gpo application security
rpenny at samba.org
Tue Sep 7 13:25:30 UTC 2021
On Tue, 2021-09-07 at 09:39 -0300, Marcos Ariel Negrini via samba
> First of all, apologise for my English, and I hope you can understand
> I have been analysing the security offered by GPO's application, I
> several articles such as
> and it is clear that the use of GPO's is not intended to distribute
> critical data.
> I'm trying to improve the security of sysvol (e.g. users without
> privileges cannot browse and download the content of sysvol or
Good luck with that, SYSTEM has full control on Sysvol and
Authenticated Users has read access.
> and the comunication protocol used by the GPO (encrypt from the
> to the workstation).
> Is there any implementation you recommend that would improve the
> security of the information stored in sysvol and its comunication
> between AD servers and workstations?
I don't think you can, the whole idea behind Sysvol is to allow access
to GPO's, any problems and the GPO's don't get applied.
More information about the samba