Clean 2008 domain
C:\Users\$bdesmond>net share sysvol
Share name SYSVOL
Path F:\SYSVOL\sysvol
Remark Logon server share
Maximum users No limit
Users
Caching Manual caching of documents
Permission Everyone, READ
BUILTIN\Administrators, FULL
NT AUTHORITY\Authenticated Users, FULL
The command completed successfully.
C:\Users\$bdesmond>net share netlogon
Share name NETLOGON
Path F:\SYSVOL\sysvol\ad.sfsu.edu\SCRIPTS
Remark Logon server share
Maximum users No limit
Users
Caching Manual caching of documents
Permission Everyone, READ
BUILTIN\Administrators, FULL
The command completed successfully.
F:\SYSVOL>cacls sysvol
F:\SYSVOL\sysvol NT AUTHORITY\Authenticated Users:R
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Server Operators:R
BUILTIN\Server Operators:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Administrators:(special access:)
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:(OI)(CI)(IO)(special access:)
WRITE_DAC
WRITE_OWNER
GENERIC_READ
GENERIC_WRITE
GENERIC_EXECUTE
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:(special access:)
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
CREATOR OWNER:(OI)(CI)(IO)(special access:)
WRITE_DAC
WRITE_OWNER
GENERIC_READ
GENERIC_WRITE
GENERIC_EXECUTE
F:\SYSVOL\domain>cacls scripts
F:\SYSVOL\domain\scripts NT AUTHORITY\Authenticated Users:R
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Server Operators:R
BUILTIN\Server Operators:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Administrators:(special access:)
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:(special access:)
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
CREATOR OWNER:(OI)(CI)(IO)F
Thanks,
Brian Desmond
[email protected]
c – 312.731.3132
-----Original Message-----
From: Juned Shaikh [mailto:[email protected]]
Sent: Sunday, April 11, 2010 2:32 PM
To: NT System Admin Issues
Subject: SYSVOL and NETLOGON Def perms
Hi,
I am trying to fix some security findings with file shares and permissions and
am trying to understand what the default SHARE and NTFS permissions are on
SYSVOL and NETLOGON.
In the environment here, I am in a serious argument with the Security team.
Thanks,
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
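
Added example, not part of the thread: a Python sketch that treats the share permissions in the "Clean 2008 domain" output above as a baseline and reports where a captured `net share <name>` output differs from it. The function names, the `EXAMPLE\Helpdesk` group and the sample capture are constructed for illustration.

```python
import re

# Share-level baseline copied from the "Clean 2008 domain" output in the thread.
BASELINE = {
    "SYSVOL": {"Everyone": "READ", "BUILTIN\\Administrators": "FULL",
               "NT AUTHORITY\\Authenticated Users": "FULL"},
    "NETLOGON": {"Everyone": "READ", "BUILTIN\\Administrators": "FULL"},
}
ACE = re.compile(r"^(?P<who>.+?),\s*(?P<right>READ|CHANGE|FULL)$")

# Constructed capture of a NETLOGON share that has drifted from the baseline.
SAMPLE = r"""Share name        NETLOGON
Path              F:\SYSVOL\sysvol\example.test\SCRIPTS
Remark            Logon server share
Users
Permission        Everyone, CHANGE
                  EXAMPLE\Helpdesk, FULL
The command completed successfully.
"""

def parse_net_share(text):
    """Return (share_name, {principal: right}) from one `net share <name>` output."""
    name, perms, in_perm = None, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Share name"):
            name, in_perm = line[len("Share name"):].strip(), False
        elif line.startswith("Permission"):
            in_perm, line = True, line[len("Permission"):].strip()
        if in_perm:
            m = ACE.match(line)
            if m:
                perms[m["who"].strip()] = m["right"]
            else:
                in_perm = False  # first non-ACE line ends the permission block
    return name, perms

def deviations(name, perms):
    """List differences between parsed permissions and the baseline (exact-name match)."""
    base = BASELINE.get((name or "").upper(), {})
    out = []
    for who, right in perms.items():
        if who not in base:
            out.append(f"{name}: unexpected entry {who} ({right})")
        elif base[who] != right:
            out.append(f"{name}: {who} is {right}, baseline {base[who]}")
    out += [f"{name}: missing baseline entry {w}" for w in base if w not in perms]
    return out
```

Calling `deviations(*parse_net_share(SAMPLE))` returns one line per difference; an empty list means the share matches the baseline.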
