Printable View
I want some info on the ACL of Sysvol and Netlogon folders. We have everyone having read in the share permission of both Sysvol and Netlogon. In Share permission of Sysvol, we have authenticated users having full access. Can anyone tell me if we can replace everyone with Authenticated users and will there be any impact of modifying the ACl of these 2 folders? Thanks.
I would say that you should not play around in the default settings of Sysvol and Netlogon shares or the other folders, what ever you are seeing is properly set.
You have to take into account the effective permissions of the Sysvol directory or share. After combining Share and NTFS permissions, the most restrictive permissions will apply. By default, only domain authenticated users will be granted read priviledges to the Sysvol share. You can match the share permissins to the NTFS permissions and not effect the functionality of the Sysvol share, but that is not recommended and will not give you any benefits.