On 28/09/2011 04:59, [email protected] wrote:
On 27/09/2011 13:07, [email protected] wrote:
Hello.
I noticed that any domain user can delete the content of the shared
folder
sysvol in the domain controller from a windows client.
How can I avoid that?
Greetings,
Felix
What's the default windows behavior with this ?
Matthieu.
Windows users Windows permissions
-------------------------------------------------
Domain Admins-----------> Full Access
Authenticated Users------> Read& Execute, List folder contents, Read
CREATOR OWNER-----------> Special permissions (Maybe we don't need this)
Server Operators--------> Read& Execute, List folder contents, Read
SYSTEM------------------> Full Access
I think that what it is needed here is:
Domain Admins-------------> Full Access
and everybody else--------> Read& Execute, List folder contents, Read
I think that GPOs and some scripts are delivered to windows clients
through sysvol, that's why I don't want any of my users to be able to
delete the sysvol content.
What should I do to accomplish that goal?
In theory we should have the ACLs ok, I have to check this things but it
won't be before next week I'm at IOLAB with microsoft this week focusing
on FRS replication.
Sorry.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
