On Fri, Jan 6, 2012 at 5:08 PM, Crawford, Scott <[email protected]> wrote: > One thing that might be satisfactory is to restrict access on > the GPO to Domain Computers (or some subset) instead > of Authenticated Users or Domain Users.
Is that, for lack of a better word, "safe"? In other words, is it likely to cause anything else to break? Some MSKB articles give one the impression that SYSVOL will explode if you so much as give it a dirty look; I don't know how much of that is CYA and how much is "really, we mean it, don't screw with this". (E.g., they say that about the registry, too, and as long as you keep your changes limited, you're fine. But they also said that about the "M: drive" in Exchange 2000, and they weren't exaggerating then.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
